Vulnerability Development mailing list archives
Re: /usr/bin/Mail buffer 0verfl0w
From: Knud Erik Hojgaard - CyberCity Support <kain () PERKER DK>
Date: Fri, 2 Mar 2001 10:29:55 +0100
redhat 6.0 runs with same version of mail, and with the same result. so does redhat 6.2.

Kind regards
Knud Erik Hojgaard <knud () cybercity dk>
Cybercity Erhvervssupport <support () erhverv cybercity dk>
http://www.cybercity.dk/support
Tel 33 98 30 60

|-- Jesus saves, but only Buddha makes incremental backups --|

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of syzop
Sent: 2 March 2001 03:48
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: /usr/bin/Mail buffer 0verfl0w

Enrique Maglietta wrote:
> > & t 0 x 2240
> > 0:Invalid message number
> > "Source" stack over-pop
> > Segmentation Fault
>
> I tested on SuSE 7.0, and there is no problem
>
> & t 0x2240
> 0: Invalid message number
> & t 0 x 2240
> 0: Invalid message number
> &

SosPiro should have explained it better. When somebody says
& t 0 x 2240
not everybody understands you are sending 2240 zeros, it is better to write something like:
& t [2240x'0']
which is often used :)

Anyway... Tested here with Debian 2.2:

Mail version 8.1 6/6/93. Type ? for help.
-- snip --
& t 0x2240
0: Invalid message number
& t 0 x 2240
0: Invalid message number
& t 0000000000000000[etc (2300 times)]
0: Invalid message number
"Source" stack over-pop.
Segmentation fault

That's the latest version (I've verified my version with the latest version available at Debian's website).

Also, Markus wrote:
> But the bug is there, a guy called Kengz www.kengz.org made an exploit some time ago.
My nameserver says (www.)kengz.org doesn't exist so I couldn't verify :(.
> if /usr/bin/Mail is setgid but it is not setgid,setuid for default.
it is sgid mail on Debian, so if this is exploitable... :)

Cya

Syzop.