Bugtraq mailing list archives
Re: Multiply bugs in MH-6.8.3 (Mail Handler program)
From: shok () COBRA ONLINEX NET (Matt Conover)
Date: Mon, 28 Jul 1997 22:51:48 -0600
No actually you're wrong...there are two different overflows...this is why I said there are MULTIPLE bugs...I just only mentioned one..because that one is used in checkmail() and it will be called but there is an exception:

    static int checkmail (user, home, datesw, notifysw, personal)
    register char *user, *home;
    int datesw, notifysw, personal;
    {
        int mf, status;
        char buffer[BUFSIZ];
        struct stat st;

        (void) sprintf (buffer, "%s/%s",
                mmdfldir[0] ? mmdfldir : home,
                mmdflfil[0] ? mmdflfil : user);

The exception is if mmdfldir[0] is true..otherwise this WILL get called and this is directly in msgchk.c checkmail() NOT in ruserpass.c that is a completely different overflow

On Mon, 28 Jul 1997 nolander () NOLANDER PP SE wrote:
Okay there is an overflow in MH-6.8.3, which is suid, which I THINK (not sure), is installed, at least in Redhat 4.1+, by default (I think this

    char *hdir, buf[BUFSIZ], *tmp;

purposes if you try to overflow this...just use a size of 9999, just to see if it segfaults.

    hdir = getenv("HOME");
    if (hdir == NULL)
        hdir = ".";
    (void) sprintf(buf, "%s/.netrc", hdir);

All this was in ruserpass.c...

ruserpass(host,&user,&pass); is found in msgchk.c, in checkremote() or something like that... meaning that the hosts aren't vulnerable if not configured.. this is from a system where mh was installed w/o being configured (default)

    [nolander@sangis nolander]$ /usr/bin/mh/msgchk -host muroff
    msgchk: no servers available

check man mh-tailor for more info about this server stuff :)
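A bounded form of the two sprintf() calls quoted in this thread, as an added example that is not part of the original posts or of the MH source. build_path() and netrc_path() are hypothetical helper names, and the 9999-byte HOME value is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not MH code): write "<dir>/<file>" into out[outsz].
 * Returns 0 on success, -1 if an argument is missing or the result would
 * not fit, so the caller stops instead of writing past the buffer. */
static int build_path(char *out, size_t outsz, const char *dir, const char *file)
{
    int n;

    if (out == NULL || outsz == 0 || dir == NULL || file == NULL)
        return -1;
    n = snprintf(out, outsz, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= outsz) {  /* output error or truncation */
        out[0] = '\0';                  /* never hand back a cut-off path */
        return -1;
    }
    return 0;
}

/* Same fallback as the ruserpass.c excerpt: "." when HOME is unset. */
static int netrc_path(char *out, size_t outsz, const char *hdir)
{
    return build_path(out, outsz, hdir != NULL ? hdir : ".", ".netrc");
}

int main(void)
{
    char buf[BUFSIZ];
    char big[10000];                    /* constructed oversized HOME value */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("oversized HOME -> %d\n", netrc_path(buf, sizeof buf, big));
    if (netrc_path(buf, sizeof buf, getenv("HOME")) == 0)
        printf("current HOME   -> %s\n", buf);
    return 0;
}
```

Treating truncation as a failure matters in a suid program: a silently shortened path could name a different file than the one intended.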