Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Buffer overflow in procmail [suid!]

From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Thu, 10 Aug 2000 17:23:23 +0200
On Thu, 10 Aug 2000, Tobias von Koch wrote:


Procmail recognizes that the line is a bit too long. alright.
But if you try something bigger than 2053...

$ /usr/bin/procmail x=`perl -e "print 1x2054"`
 <Ctrl>-D
Segmentation fault

You can get root privileges (with some code) now....


No, you can't. If you feel you can, them prove it. We spend some time
investigating this issue already (right before receiving your post, what a
coincidence :).

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
Previous By Date Next
Previous By Thread Next

Current thread: