Bugtraq
mailing list archives
Re: Multiply bugs in MH-6.8.3 (Mail Handler program)
From: nolander () NOLANDER PP SE (nolander () NOLANDER PP SE)
Date: Mon, 28 Jul 1997 21:47:27 +0200
Okay there is an overflow in MH-6.8.3, which is suid, which I THINK (not
sure), is installed, at least in Redhat 4.1+, by default (I think this
    char *hdir, buf[BUFSIZ], *tmp;

purposes if you try to overflow this...just use a size of 9999, just to see if it segfaults.

    hdir = getenv("HOME");
    if (hdir == NULL)
        hdir = ".";
    (void) sprintf(buf, "%s/.netrc", hdir);
All this was in ruserpass.c...
ruserpass(host,&user,&pass); is found in msgchk.c, in checkremote() or
something like that... meaning that the host isn't vulnerable if not
configured.. this is from a system where mh was installed w/o being
configured (default)
[nolander () sangis nolander]$ /usr/bin/mh/msgchk -host muroff
msgchk: no servers available
check man mh-tailor for more info about this server stuff :)
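
The sprintf() quoted in the message above copies $HOME into a BUFSIZ stack buffer with no length check. The following is an added example, not part of the original post or of the MH source, showing a bounded replacement that rejects an over-long value instead of writing past the buffer or silently truncating the path. netrc_path() is a hypothetical helper name.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Bounded replacement for: sprintf(buf, "%s/.netrc", hdir);
 * netrc_path() is a hypothetical helper, not a function from MH.
 * Returns 0 on success, -1 if the path does not fit in buf.
 */
int netrc_path(char *buf, size_t buflen, const char *hdir)
{
    int n;

    if (buf == NULL || buflen == 0)
        return -1;
    if (hdir == NULL)
        hdir = ".";               /* same fallback as the quoted code */

    /* snprintf never writes more than buflen bytes, NUL included */
    n = snprintf(buf, buflen, "%s/.netrc", hdir);
    if (n < 0 || (size_t)n >= buflen) {
        /* A truncated path could name a different file: fail closed. */
        buf[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[BUFSIZ];

    if (netrc_path(buf, sizeof buf, getenv("HOME")) != 0) {
        fprintf(stderr, "HOME too long for .netrc path, refusing\n");
        return 1;
    }
    printf("%s\n", buf);
    return 0;
}
```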