Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: procmail heap overflow

From: Artur Byszko / bikero <bikero () security hack pl>
Date: Thu, 20 Jun 2002 21:27:39 +0200
W Wed, Jun 19, 2002 at 04:00:12PM -0700, Peter Mueller wrote:

Looks like 4.6-PRERELEASE is ok.


uname -a

FreeBSD xxx.yyy.com 4.6-PRERELEASE FreeBSD 4.6-PRERELEASE #2: Sun May  5
22:57:25 PDT 2002     root@localhost:/usr/obj/usr/src/sys/xxx  i386

/usr/local/bin/procmail `perl -e '{print "A"x10240}'`=A

Word too long.


But in 4.6-STABLE:

bikero@phreak:~$ uname -a
FreeBSD phreak.uni.cc 4.6-STABLE FreeBSD 4.6-STABLE #1: Wed Jun 19 10:47:52
CEST 2002     bikero () phreak uni cc:/usr/obj/usr/src/sys/bikero-security  i386
bikero@phreak:~$ /usr/local/bin/procmail `perl -e '{print "A"x10240}'`=A
^Cprocmail: Terminating prematurely
Segmentation fault (core dumped)

regards,
-- 
* \x41\x72\x74\x75\x72\x20\x42\x79\x73\x7a\x6b\x6f *
* \x62\x69\x6b\x65\x72\x6f\x40\x45\x46\x4e\x45\x54 *

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: