Home page logo
/

bugtraq logo Bugtraq mailing list archives

need more for sendmail VRFY and EXPN bug
From: jasonchu () accmail ceic go cn (Great Wall)
Date: Wed, 15 May 1996 12:33:32 +0900


Does anyone know more detail information about follow bug?

-------------------------- cut here ----------------------------------
Bulletin G-09a supersedes CIAC's Bulletin G-09 dated January 31, 1996.
G-09a bulletin revisits the sendmail/syslog vulnerabilities that were
reported earlier in CERT ADVISORY CA-95:13.  Since the release of
CA-95:13, updated patch information has been obtained from several
vendors. This updated information appears in Appendix A of this
bulletin (this was originally supplied by CERT).

The previous CIAC Bulletin G-09 referred to vulnerabilities with SMTP
"EXPN" and "VRFY" commands. The SMTP vulnerability is a result of a
vulnerability in syslog. The syslog(3) subroutine uses an internal
buffer for building messages that are sent to the syslogd(8)
daemon. The syslog subroutine does not check boundaries on data stored
in this buffer. It is possible to overflow the internal buffer and
rewrite the subroutine call stack. It is then possible to execute
arbitrary programs.

Most versions of sendmail prior to Version 8.6.10, including Sendmail
5.67+IDA-1.5 and most vendor versions, contain the syslog
vulnerability that could allow unauthorized root access. CIAC has
received information that the syslog vulnerability is being exploited
with a script that has been written to be used with sendmail.

Successful exploitation of this vulnerability allows an attacker to
execute arbitrary commands on the local system with super-user
("root") permissions and gain unrestricted access to system resources.

---------------------------- cut here --------------------------------



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]