On Sat, 25 Mar 2006 18:00:41 +0200, Gadi Evron said: > There are two exploit code samples I saw. There are two remote exploits > for one of them so far that are public that I know of.
There's exploits for the race condition. I was *specifically* talking about the integer overflow, which looks pretty damned hard to exploit unless the victim site deliberately recompiled their sendmail binary with a very sub-optimum configuration. But then, you'd know that if you either actually *looked* at what I wrote, or looked at the diff of the 8.13.[56] trees.
pgpYmcpHAo1i4.pgp
Description: PGP signature
