Bugtraq mailing list archives

Re: need more for sendmail VRFY and EXPN bug

From: jwa () nbs nau edu (James W. Abendschan)
Date: Tue, 14 May 1996 23:16:50 -0700


Way back on May 15, 12:33pm, Great Wall wrote:

Does anyone know more detail information about follow bug?


[ ... ]

The previous CIAC Bulletin G-09 referred to vulnerabilities with SMTP
"EXPN" and "VRFY" commands. The SMTP vulnerability is a result of a
vulnerability in syslog. The syslog(3) subroutine uses an internal
buffer for building messages that are sent to the syslogd(8)
daemon. The syslog subroutine does not check boundaries on data stored
in this buffer. It is possible to overflow the internal buffer and
rewrite the subroutine call stack. It is then possible to execute
arbitrary programs.


Wasn't this the bug that 8LGM spoke about a long time ago?
I too would like additional information; I haven't seen an
exploit for this anywhere.

James


--
James W. Abendschan                                 Email: jwa () nbs nau edu
UNIX Systems Programmer/Administrator               Phone: (520) 556-7466 x238
Colorado Plateau Research Station, Flagstaff, AZ    Voice mail: *516

Current thread:

need more for sendmail VRFY and EXPN bug Great Wall (May 14)
- <Possible follow-ups>
- Re: need more for sendmail VRFY and EXPN bug James W. Abendschan (May 14)
  - Re: need more for sendmail VRFY and EXPN bug Casper Dik (May 15)