Does anyone know more detailed information about the following bug?

-------------------------- cut here ----------------------------------

Bulletin G-09a supersedes CIAC's Bulletin G-09 dated January 31, 1996.

G-09a bulletin revisits the sendmail/syslog vulnerabilities that were reported earlier in CERT ADVISORY CA-95:13. Since the release of CA-95:13, updated patch information has been obtained from several vendors. This updated information appears in Appendix A of this bulletin (this was originally supplied by CERT).

The previous CIAC Bulletin G-09 referred to vulnerabilities with SMTP "EXPN" and "VRFY" commands. The SMTP vulnerability is a result of a vulnerability in syslog.

The syslog(3) subroutine uses an internal buffer for building messages that are sent to the syslogd(8) daemon. The syslog subroutine does not check boundaries on data stored in this buffer. It is possible to overflow the internal buffer and rewrite the subroutine call stack. It is then possible to execute arbitrary programs.

Most versions of sendmail prior to Version 8.6.10, including Sendmail 5.67+IDA-1.5 and most vendor versions, contain the syslog vulnerability that could allow unauthorized root access. CIAC has received information that the syslog vulnerability is being exploited with a script that has been written to be used with sendmail.

Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the local system with super-user ("root") permissions and gain unrestricted access to system resources.

---------------------------- cut here --------------------------------
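The missing boundary check the bulletin describes, shown as an added example in C that is not taken from the bulletin or from any syslog or sendmail source: a message is built in a fixed-size buffer first without and then with a length limit. The function names, the buffer size and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64   /* assumed size, kept small for the demo */

/* Unbounded pattern: vsprintf() writes as many bytes as the expanded
 * format needs, whatever the size of dst. Shown only for contrast. */
static int build_log_unbounded(char *dst, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(dst, fmt, ap);
    va_end(ap);
    return n;
}

/* Bounded pattern: vsnprintf() writes at most dstlen bytes (terminator
 * included) and returns the length the full message would have had.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
static int build_log_bounded(char *dst, size_t dstlen, const char *fmt, ...)
{
    va_list ap;
    if (dst == NULL || dstlen == 0)
        return -1;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstlen, fmt, ap);
    va_end(ap);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    return (size_t)n >= dstlen ? 1 : 0;
}

int main(void)
{
    char buf[LOG_BUF_SIZE];
    char input[201];                      /* constructed oversize input */
    memset(input, 'A', sizeof input - 1);
    input[sizeof input - 1] = '\0';

    int rc = build_log_bounded(buf, sizeof buf, "client said: %s", input);
    printf("rc=%d stored=%zu bytes\n", rc, strlen(buf));
    return 0;
}
```

A caller that passes remote data into a log message should treat a return value of 1 as a signal worth recording, since oversize input to a logging path is itself unusual.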