Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: need more for sendmail VRFY and EXPN bug

Re: need more for sendmail VRFY and EXPN bug

From: James W. Abendschan <jwa_at_nbs.nau.edu>
Date: Tue, 14 May 1996 23:16:50 -0700

Way back on May 15, 12:33pm, Great Wall wrote:
> Does anyone know more detail information about follow bug?

[ ... ]

> The previous CIAC Bulletin G-09 referred to vulnerabilities with SMTP
> "EXPN" and "VRFY" commands. The SMTP vulnerability is a result of a
> vulnerability in syslog. The syslog(3) subroutine uses an internal
> buffer for building messages that are sent to the syslogd(8)
> daemon. The syslog subroutine does not check boundaries on data stored
> in this buffer. It is possible to overflow the internal buffer and
> rewrite the subroutine call stack. It is then possible to execute
> arbitrary programs.

Wasn't this the bug that 8LGM spoke about a long time ago?
I too would like additional information; I haven't seen an
exploit for this anywhere.

James 

--
James W. Abendschan                                 Email: jwa_at_nbs.nau.edu
UNIX Systems Programmer/Administrator               Phone: (520) 556-7466 x238
Colorado Plateau Research Station, Flagstaff, AZ    Voice mail: *516
Received on May 15 1996
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos