Vulnerability Development mailing list archives

RE: procmail heap overflow


From: "Wodahs Latigid" <wodahs () mail com>
Date: Thu, 20 Jun 2002 08:20:06 +0000

Was that using csh? Try it with bash.. that may have just been
the shell complaining.

- wodahs

----- Original Message -----
From: Peter Mueller <pmueller () sidestep com>
Date: Wed, 19 Jun 2002 16:00:12 -0700
To: "''kam''" <kam () aversion net>, flatline <flatline () blackhat nl>
Subject: RE: procmail heap overflow


Looks like 4.6-PRERELEASE is ok.

uname -a
FreeBSD xxx.yyy.com 4.6-PRERELEASE FreeBSD 4.6-PRERELEASE #2: Sun May  5 22:57:25 PDT 2002     root@localhost:/usr/obj/usr/src/sys/xxx  i386
/usr/local/bin/procmail `perl -e '{print "A"x10240}'`=A
Word too long.

Peter

-----Original Message-----
From: kam [mailto:kam () aversion net]
Sent: Wednesday, June 19, 2002 11:01 AM
To: flatline
Cc: bugtraq () securityfocus com; vuln-dev () securityfocus com
Subject: Re: procmail heap overflow


On Wed, Jun 19, 2002 at 02:38:08AM +0200, flatline said 
sometin like...
hi,

i found a heap overflow in procmail (up until latest) some time ago

I have been able to duplicate this on FreeBSD 4.4-Release

uname -a
4.4-RELEASE FreeBSD 4.4-RELEASE

ls -la /usr/local/bin/procmail
-rwsr-sr-x   1 root     mail        66644 Jun 11 07:00 /usr/local/bin/procmail*
.



