oss-sec mailing list archives
Re: CVE request: procmail heap overflow in getlline()
From: Tero Marttila <terom () fixme fi>
Date: Thu, 04 Dec 2014 02:09:37 +0200
FWIW I don't have a specific PoC/scenario to supply for this case that serves as an exploit with untrusted input, but I am not familar enough with procmail and how it is used to make a judgement on if some related code-path/scenario could be exploitable.
I reported this as a security bug due to the implied high risk level of procmail being suid-root on Debian, and thus deserving of more detailed inspection. But that's a distribution issue.
-- Tero Marttila On 04/12/14 01:30, Joshua J. Drake wrote:
Is it possible to trigger this issue with untrusted input or only trusted input from procmailrc? Joshua On Wed, Dec 03, 2014 at 11:31:20PM +0200, Henri Salo wrote:Please assign 2014 CVE for procmail heap overflow in getlline() as described in following Debian BTS item <https://bugs.debian.org/771958> reported by Tero Marttila. Please comment if you need more information about the issue. --- Henri Salo
Current thread:
- CVE request: procmail heap overflow in getlline() Henri Salo (Dec 03)
- Re: CVE request: procmail heap overflow in getlline() Joshua J. Drake (Dec 03)
- Re: CVE request: procmail heap overflow in getlline() Tero Marttila (Dec 03)
- Re: CVE request: procmail heap overflow in getlline() Santiago Vila (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Kurt Seifried (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Florian Weimer (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Martino Dell'Ambrogio (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Florian Weimer (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Martino Dell'Ambrogio (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Joshua J. Drake (Dec 03)