The Sendmail Bomb
Dave G. | March 22nd, 2006 | Filed Under: Disclosure, New Findings
ISS dropped an unholy advisory about a “Sendmail Remote Signal Handling” Vulnerability. Mark Dowd (Credited with finding the vulnerability) is a smart cookie. I will let Dino or someone else talk more about the technical details, but I would like to remind everyone if Tom’s This Old Vulnerability post on wuftpd which talked about Remote Signal Handling Vulnerabilities.
I am sure right now, there are dozens of people working on an exploit. I wish we had a betting pool on when the first one hits the mailing lists. I say Friday between 2 and 3pm.
blog
April 8th, 2006 11:11 pmA betting pool would be great - then we could arrest whoever won. Fear not, however, I’ll come to your defense - honest, officer, I was only guessing based on a random chance of it happening at that time…. no, sir, I didn’t game the market. Inside information? Why, I don’t even know what that is, sir… (use wide eyes here, it works).
…Relax, I’m just kidding
Pete | 03.22.06 - 4:44 pm | #
Based on pure random guessing (plausible deniability for Pete’s benefit), if its EVER released, will be by COB Thursday. 3/22. I’m willing to wager the currency of Matasano’s microeconomy, a cup of coffee from the MUD truck.
Jeremy | 03.22.06 - 4:59 pm | #
Leave a reply