Home page logo

bugtraq logo Bugtraq mailing list archives

Re: need more for sendmail VRFY and EXPN bug
From: jwa () nbs nau edu (James W. Abendschan)
Date: Tue, 14 May 1996 23:16:50 -0700

Way back on May 15, 12:33pm, Great Wall wrote:
Does anyone know more detail information about follow bug?

[ ... ]

The previous CIAC Bulletin G-09 referred to vulnerabilities with SMTP
"EXPN" and "VRFY" commands. The SMTP vulnerability is a result of a
vulnerability in syslog. The syslog(3) subroutine uses an internal
buffer for building messages that are sent to the syslogd(8)
daemon. The syslog subroutine does not check boundaries on data stored
in this buffer. It is possible to overflow the internal buffer and
rewrite the subroutine call stack. It is then possible to execute
arbitrary programs.

Wasn't this the bug that 8LGM spoke about a long time ago?
I too would like additional information; I haven't seen an
exploit for this anywhere.


James W. Abendschan                                 Email: jwa () nbs nau edu
UNIX Systems Programmer/Administrator               Phone: (520) 556-7466 x238
Colorado Plateau Research Station, Flagstaff, AZ    Voice mail: *516

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]