mailing list archives
Re: need more for sendmail VRFY and EXPN bug
From: jwa () nbs nau edu (James W. Abendschan)
Date: Tue, 14 May 1996 23:16:50 -0700
Way back on May 15, 12:33pm, Great Wall wrote:
Does anyone know more detail information about follow bug?
[ ... ]
The previous CIAC Bulletin G-09 referred to vulnerabilities with SMTP
"EXPN" and "VRFY" commands. The SMTP vulnerability is a result of a
vulnerability in syslog. The syslog(3) subroutine uses an internal
buffer for building messages that are sent to the syslogd(8)
daemon. The syslog subroutine does not check boundaries on data stored
in this buffer. It is possible to overflow the internal buffer and
rewrite the subroutine call stack. It is then possible to execute
Wasn't this the bug that 8LGM spoke about a long time ago?
I too would like additional information; I haven't seen an
exploit for this anywhere.
James W. Abendschan Email: jwa () nbs nau edu
UNIX Systems Programmer/Administrator Phone: (520) 556-7466 x238
Colorado Plateau Research Station, Flagstaff, AZ Voice mail: *516