> Hi Frank:
>
> I have tried to generate buffer overruns from my sendmail but only get
> an error message stating that the input line is too long.
>
> I am running Sun's Sendmail 4.1/3.2.012693 under SunOS Release 4.1.3_U
>
> Is there a test I can do to determine whether or not this vulnerability
> applies? I am running Sendmail through tcp wrappers in case this makes a
> difference.
>
> -> See: Info-Sec Heaven at URL http://all.net/
> Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236

Hiya --

You have a completely different flavor of sendmail. However, you should check that you have:

101665-04 SunOS 4.1.3_U1: sendmail jumbo patch

And you should probably upgrade to 8.7.3 anyway.

You can find exploits (some call 'em tests) for most sendmail holes in the bugtraq archives. A quick altavista search kicks back:

http://www.beckman.uiuc.edu/groups/biss/VirtualLibrary/mail/Archive/95October/bugtraq/subject.html

-cpt
townsend@fly.net

[Ob Introduction]

I'm Chris Townsend, I run fly.net in new york city. I do network security and engineering. I'm interested in "intrusion detection systems" people may have that are better than my systems made from spit, gum, motorola pagers, and linux (basically, a mail --> pager gateway that takes a number on the subject line. I can page an op from any shell script {e.g. when a particular user logs in, disk space is low, certain system crashes, bad logins, etc..})

I am also interested in systems which can dynamically respond to perceived threats (the "paranoid" one routes 'em to nowhere and plays dead, the "aggressive" one attacks a perceived attacker back) and I hope that someday soon all this security stuff just goes away.