Vulnerability Development mailing list archives

Re: usr/bin/newmail buffer overflow

From: "Larry W. Cashdollar" <lwc () VAPID DHS ORG>
Date: Sat, 10 Feb 2001 22:43:33 -0800

It isnt setuid on Mandrake 7.2.

On Sat, 10 Feb 2001, SosPiro wrote:

I found a buffer overflow in /usr/bin/newmail (distributed with elm 2.5
PL3) .
"newmail is a program to allow monitoring of mailboxes in an intelligent
fashion"
I tested it on my Linux Box (RedHat 6.2)
Look at this:

#newmail -w AAAA....x 7561
Segmentation Fault (core dumped)

sospiro

Current thread:

usr/bin/newmail buffer overflow SosPiro (Feb 10)
- Re: usr/bin/newmail buffer overflow Larry W. Cashdollar (Feb 10)
- <Possible follow-ups>
- Re: usr/bin/newmail buffer overflow Techno Bob (Feb 11)