oss-sec mailing list archives
Re: CVE request: procmail heap overflow in getlline()
From: Santiago Vila <sanvila () unex es>
Date: Thu, 4 Dec 2014 08:57:49 +0100
On Wed, Dec 03, 2014 at 05:30:57PM -0600, Joshua J. Drake wrote:
> Is it possible to trigger this issue with untrusted input or only trusted input from procmailrc?
This is an issue with the handling of the .procmailrc file, which contains the filter rules for procmail. An external attacker is not supposed to provide the .procmailrc file at /home/user, only the email to be filtered, so, IMHO, this is a bug but maybe not a security bug. Thanks.