[19938] in bugtraq
Re: SCO 5.0.6 MMDF issues (sendmail 8.9.3)
daemon@ATHENA.MIT.EDU (Stuart Browne)
Fri Mar 30 03:58:28 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <002d01c0b7da$03e0edc0$2288e7c0@promed.com.au>
Date: Thu, 29 Mar 2001 08:54:16 +1000
Reply-To: Stuart Browne <stuart@PROMED.COM.AU>
From: Stuart Browne <stuart@PROMED.COM.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200103281526.f2SFQcA21720@foo-bar-baz.cc.vt.edu>
> Topic: SCO 5.0.6 MMDF issues (sendmail 8.9.3)
Umm... MMDF has nothing to do with Sendmail 8.9.3, as far as I know. I've
been alpha/beta testing Sendmails since 8.9.0 and don't remember any MMDF
in there.
> version 2.43.3b of MMDF. The sendmail 8.9.3 binary has poor handling of
> command line arguments resulting in a buffer overflow.
> /opt/K/SCO/MMDF/2.43.3b/usr/lib/sendmail `perl -e 'print "A" x 3000'`
Are you sure that this is not an MMDF binary installed as /usr/lib/sendmail
as a submission agent, to provide compatibility with scripts and programs
that think /usr/lib/sendmail can be used to submit mail?
Your assumption is correct. Under SCO when sendmail isn't the chosen MTA at
install (MMDF is still the default for some reason), the 'sendmail' binary
is a wrapper into the remainder of the MMDF package.
Stuart
