Vulnerability Development mailing list archives

Re: sendmail ;o)


From: gshapiro () SENDMAIL ORG (Gregory Neil Shapiro)
Date: Sun, 16 Jul 2000 20:11:54 -0700


sgp> In Solaris snprintf doesn't null terminate (when buffer overflows). When
sgp> sendmail is used here it may lead to some security problems. I'm not using
sgp> Solaris so I don't need to do anything about it except of sending
sgp> information to sendmail.org and to some lists like this one.

An engineer at Sun has informed us that was a bug in the man page, not in
snprintf() itself.  He has tested snprintf() on all of the versions of
Solaris and it does NUL terminate properly.
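The behaviour discussed in this message can be checked on any platform with a short probe. The following is an added example, not part of the original message and not sendmail code; the function names snprintf_terminates_on_truncation and checked_snprintf and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0x5A  /* sentinel byte used to detect writes past the limit */

/* Probe snprintf(): 1 if truncated output is NUL-terminated within `size`
 * bytes with nothing written past them, 0 if not, -1 if nothing truncated. */
int snprintf_terminates_on_truncation(size_t size)
{
    /* constructed sample input, 53 characters long */
    const char *src = "constructed input that is longer than the destination";
    char buf[64];
    size_t i;
    int n;
    if (size == 0 || size > 32)
        return -1;
    memset(buf, GUARD, sizeof(buf));
    n = snprintf(buf, size, "%s", src);
    /* C99 returns the untruncated length; some older libcs return -1 */
    if (n >= 0 && (size_t)n < size)
        return -1;
    if (memchr(buf, '\0', size) == NULL)
        return 0;                      /* no terminator within the limit */
    for (i = size; i < sizeof(buf); i++)
        if ((unsigned char)buf[i] != GUARD)
            return 0;                  /* wrote beyond the limit */
    return 1;
}

/* Hypothetical wrapper: terminates unconditionally, reports truncation. */
int checked_snprintf(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    dst[size - 1] = '\0';              /* harmless if libc already did it */
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
    printf("terminates: %d\n", snprintf_terminates_on_truncation(8));
    return 0;
}
```

The wrapper treats a negative return value as truncation, so callers get the same result on a C99 libc and on an older one that returns -1 when output does not fit.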

