Vulnerability Development mailing list archives
Re: /usr/bin/Mail buffer 0verfl0w
From: "Rasta C. Shell" <rasta () RSHELL ORG>
Date: Fri, 2 Mar 2001 19:25:48 +0200
I think is is not exploitable since the buffer can except only chars in the range of \x30 - \x39. But I haven't looked at the source. SosPiro <sospiro () FREEMAIL IT> wrote:
I found a buffer oveflow in /usr/bin/Mail,it's suid by default on my Slakware 7.00 K2.2.13 This is the problem: SunsetZer0:#Mail Mail version 8.1 6/6/93. Type ? for help "/var/spool/mail/root": 2 messages 2 unreadU 1 root Thu Sep 15 02:23 33/1257"hole in /usr/bin/Mail" U 2 sospiro Sat Oct 9 18:19 126/6192 "Owned!Owned!" & t 0 x 2240 0:Invalid message number "Source" stack over-pop Segmentation Fault sospiro "ALl We WaNt is T0 bE HapPy" ---------------------------------
-- http://www.rshell.org Join #shellcode on EFnet. rasta () rshell org
Current thread:
- Re: /usr/bin/Mail buffer 0verfl0w, (continued)
- Re: /usr/bin/Mail buffer 0verfl0w Syzop (Mar 06)
- Re: /usr/bin/Mail buffer 0verfl0w Maciek Pasternacki (Mar 07)
- Re: /usr/bin/Mail buffer 0verfl0w Markus (Mar 01)
- Re: /usr/bin/Mail buffer 0verfl0w Lukasz Kowalczyk (Mar 01)
- Re: /usr/bin/Mail buffer 0verfl0w K2 (Mar 01)
- Re: /usr/bin/Mail buffer 0verfl0w BAILLEUX Christophe (Mar 02)
- Re: /usr/bin/Mail buffer 0verfl0w Joe (Mar 02)
- Re: /usr/bin/Mail buffer 0verfl0w Blue Boar (Mar 03)
- Crediting/Communication (Was: Re: [VULN-DEV] /usr/bin/Mail buffer 0verfl0w) Syzop (Mar 03)
- Re: /usr/bin/Mail buffer 0verfl0w BAILLEUX Christophe (Mar 02)