Vulnerability Development mailing list archives
Re: sendmail ;o)
From: gshapiro () SENDMAIL ORG (Gregory Neil Shapiro)
Date: Sun, 16 Jul 2000 20:11:54 -0700
-----BEGIN PGP SIGNED MESSAGE----- sgp> In Solaris snprintf doesn't null terminate (when buffer overflows). When sgp> sendmail is used here it may lead to some security problems. I'm not using sgp> Solaris so I don't need to do anything about it except of sending sgp> information to sendmail.org and to some lists like this one. An engineer at Sun has informed us that was a bug in the man page, not in snprintf() itself. He has tested snprintf() on all of the versions of Solaris and it does NUL terminate properly. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface Charset: noconv iQCVAwUBOXJ5dHxLZ22gDhVjAQFTUwQAsmtAVL/Mtp3fgAXJ/+u6+r5jkKS2+Ow+ zPLYIpcvU8y5tkFZJzFhjclhLULBSvCi2wIrcXnFoBBKaH3E23FY9S6su751ROSh 8pswHPgcK9lCkzunD+/WDgNXPtd9b7V6mTL8EVOazd6zT92OiU3kzDeyLrxJXKnj IuZ6VtxG/IQ= =Ac/k -----END PGP SIGNATURE-----
Current thread:
- sendmail ;o) Slawek (Jul 12)
- Re: sendmail ;o) Daniel Jacobowitz (Jul 12)
- Re: sendmail ;o) Slawek (Jul 13)
- Re: sendmail ;o) Gregory Neil Shapiro (Jul 16)
- Re: sendmail ;o) Kev (Jul 17)
- Re: sendmail ;o) Slawek (Jul 13)
- Re: sendmail ;o) Kev (Jul 13)
- Re: sendmail ;o) Daniel Jacobowitz (Jul 12)