[2527] in bugtraq
Re: need more for sendmail VRFY and EXPN bug
daemon@ATHENA.MIT.EDU (James W. Abendschan)
Wed May 15 02:58:43 1996
Date: Tue, 14 May 1996 23:16:50 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "James W. Abendschan" <jwa@nbs.nau.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: Great Wall <jasonchu@accmail.ceic.go.cn> "need more for sendmail
VRFY and EXPN bug" (May 15, 12:33pm)
Way back on May 15, 12:33pm, Great Wall wrote:
> Does anyone know more detailed information about the following bug?
[ ... ]
> The previous CIAC Bulletin G-09 referred to vulnerabilities with SMTP
> "EXPN" and "VRFY" commands. The SMTP vulnerability is a result of a
> vulnerability in syslog. The syslog(3) subroutine uses an internal
> buffer for building messages that are sent to the syslogd(8)
> daemon. The syslog subroutine does not check boundaries on data stored
> in this buffer. It is possible to overflow the internal buffer and
> rewrite the subroutine call stack. It is then possible to execute
> arbitrary programs.
Wasn't this the bug that 8LGM spoke about a long time ago?
I too would like additional information; I haven't seen an
exploit for this anywhere.
James
--
James W. Abendschan Email: jwa@nbs.nau.edu
UNIX Systems Programmer/Administrator Phone: (520) 556-7466 x238
Colorado Plateau Research Station, Flagstaff, AZ Voice mail: *516
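
The quoted bulletin describes a log-message buffer that is filled without a bounds check. The C example below is added here as an illustration of the bounded form of that step; it is not from the original post, from sendmail, or from any syslog implementation. `LOG_BUF_SIZE`, `build_log_line` and `log_smtp_arg` are hypothetical names, and the oversized operand is constructed.

```c
/* Added example: bounded construction of a log message.
 * LOG_BUF_SIZE and both function names are assumptions for illustration. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64   /* deliberately small so truncation is easy to see */

/* Format into dst without ever writing past dstlen bytes.
 * Returns 0 if the whole message fit, 1 if it was truncated, -1 on error.
 * An unbounded formatter writing into a fixed array is the pattern
 * the bulletin warns about; vsnprintf enforces the limit instead. */
static int build_log_line(char *dst, size_t dstlen, const char *fmt, ...)
{
    va_list ap;
    int needed;

    if (dst == NULL || dstlen == 0)
        return -1;
    va_start(ap, fmt);
    needed = vsnprintf(dst, dstlen, fmt, ap);  /* always NUL-terminates */
    va_end(ap);
    if (needed < 0) {
        dst[0] = '\0';
        return -1;
    }
    return (size_t)needed >= dstlen ? 1 : 0;
}

/* Log an untrusted SMTP command operand (e.g. the argument of VRFY).
 * The operand is passed as data, never as the format string. */
static int log_smtp_arg(char *dst, size_t dstlen, const char *cmd, const char *arg)
{
    return build_log_line(dst, dstlen, "smtp: %s arg=\"%s\"", cmd, arg);
}

int main(void)
{
    char line[LOG_BUF_SIZE];
    char big[4096];

    memset(big, 'A', sizeof big - 1);   /* constructed oversized operand */
    big[sizeof big - 1] = '\0';

    printf("%d %s\n", log_smtp_arg(line, sizeof line, "VRFY", "postmaster"), line);
    printf("%d len=%zu\n", log_smtp_arg(line, sizeof line, "VRFY", big), strlen(line));
    return 0;
}
```

A return value of 1 tells the caller the operand exceeded the buffer, which is itself worth logging or rejecting at the protocol layer.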