Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
Re: [security-alerts] Fwd: FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail
3APA3A wrote:
>Dear Alexander Dilevsky,
>
>This is what sendmail.org says.
>
>Sendmail 8.13.6 release notes
>
>8.13.6/8.13.6 2006/03/22
>SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
>and client side of sendmail with timeouts in the libsm I/O
>layer and fix problems in that code. Also fix handling of
>a buffer in sm_syslog() which could have been used as an
>attack vector to exploit the unsafe handling of
>setjmp(3)/longjmp(3) in combination with signals.
>Problem detected by Mark Dowd of ISS X-Force.
>
>I.e. the idea is clear: there is some buffer where shellcode can be placed,
>and control can be transferred to it using short-lived conditions (the thread
>finished before longjmp fired).
>
>
>
The idea is clear enough, but how do we patch it?
Try to reproduce Mark's train of thought? :)
--
Alexander Dilevsky
mailto:dil@xxxxxx
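
The change the quoted release notes describe, a timeout implemented with setjmp(3)/longjmp(3) from a signal handler replaced by a timeout inside the I/O call, shown as an added example; this is a generic POSIX sketch, not sendmail's libsm code and not part of the original thread. The names `unsafe_timed_read`, `timed_read` and `READ_TIMEOUT` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <setjmp.h>
#include <signal.h>
#include <unistd.h>

#define READ_TIMEOUT (-2)   /* hypothetical return code for "timed out" */

/* UNSAFE pattern: the SIGALRM handler jumps out of whatever code was
 * interrupted. If the signal lands while non-reentrant code (logging,
 * malloc) is mid-update, that state is abandoned half-written and later
 * code runs on top of it. */
static sigjmp_buf read_timeout_env;
static void on_alarm(int sig) { (void)sig; siglongjmp(read_timeout_env, 1); }

ssize_t unsafe_timed_read(int fd, void *buf, size_t len, unsigned secs)
{
    ssize_t n;
    if (sigsetjmp(read_timeout_env, 1) != 0)
        return READ_TIMEOUT;          /* arrived here from the handler */
    signal(SIGALRM, on_alarm);
    alarm(secs);
    n = read(fd, buf, len);
    alarm(0);                         /* race: alarm may fire before this */
    return n;
}

/* SAFER pattern: the timeout lives in the I/O call itself. No handler, no
 * non-local jump; control always returns through the normal call path. */
ssize_t timed_read(int fd, void *buf, size_t len, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int rc;
    do {
        /* A retry after EINTR restarts the full timeout; track a deadline
         * if the bound must be exact. */
        rc = poll(&pfd, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);
    if (rc == 0)
        return READ_TIMEOUT;
    if (rc < 0)
        return -1;
    return read(fd, buf, len);        /* data, EOF or hangup: read reports it */
}
```

When auditing for this class of bug, any `longjmp`/`siglongjmp` reachable from a signal handler is the thing to search for.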