mailing list archives
Re: sendmail vunerability?
From: Timo Sirainen <tss () iki fi>
Date: 29 Mar 2003 09:52:29 +0200
On Wed, 2003-11-19 at 14:55, nag wrote:
there is some rumor spreading about new sendmail vulnerability. i do not see
any news at www.sendmail.org but supposedly ths is remote buffer overflow.
i received the patch (see below), but o not have any exploit, so please
don't mail me about it.
does this look legitimate? any comments? is this something old? is
this some scam backdoor?
Assuming the address can contain high-ascii characters and it can be
more than twice as long as pvpbsize, this is exploitable. I don't know
if those conditions are prevented anywhere. Pretty interesting hole
anyway, took a while to figure it out.
Another problem may be that it calls isspace() and isascii() for
negative values. Some systems don't like that.
Full-Disclosure - We believe in it.