Vulnerability Development mailing list archives

Re: Mail bug


From: Samu <samu () linuxasylum net>
Date: Mon, 4 Jun 2001 09:02:57 +0200

On Sun, Jun 03, 2001 at 06:40:48PM +0100, Gossi The Dog wrote:
> So, roughly, the questions I can see are;
>
> a) can you reproduce it
> b) what OS/distro
> c) is Mail suid root?
> d) why is it doing this, and is it exploitable?

Hi,
I've tested on a Debian woody (unstable)

tonon@cthugha[~/mail]$wget http://owned.lab6.com/~gossi/crashmail.txt
--08:59:15--  http://owned.lab6.com/%7Egossi/crashmail.txt
           => `crashmail.txt'
Length: 5,378 [text/plain]

    0K -> .....                                                  [100%]

08:59:15 (5.13 MB/s) - `crashmail.txt' saved [5378/5378]

tonon@cthugha[~/mail]$mv crashmail.txt inbox     
tonon@cthugha[~/mail]$mail
Mail version 8.1.2 01/15/2001.  Type ? for help.
"/home/asylum/tonon/mail/inbox": 1 message 1 new
N  1 sup-info () opus cal  Sat Jun  2 04:52  161/5376  Security Update:
[CSSA-2001-019.0] Webmin root account leak


So it doesn't segfault.

It was tested on a Debian woody i386.
mail isn't suid root

ls -l `which mail`
-rwxr-xr-x    1 root     root        70268 Apr  4 00:44 /usr/bin/mail


Hope this helps you.

regards
Samuele 

-- 
Samuele Tonon  <samu () linuxasylum net>
Undergraduate Student  of  Computer Science at  University of Bologna, Italy    
System administrator at Computer Science Lab's, University of Bologna, Italy  
Founder & Member of A.A.H.T.
UIN 3155609 
                Acid -- better living through chemistry.
                               Timothy Leary

