Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: buffer overflow in msgchk
From: eijk () huygens org (Erwin J. van Eijk)
Date: Wed, 13 May 1998 09:37:16 +0200


jorge> Sometime ago was published in bugtraq that a vulnerabily existed in the
jorge> msgchk program, which is installed suid root in redhat 5.0:

jorge> msgchk -host `perl -e 'print "A" x 2000'`

jorge> leads to a segfault, which can be exploited to get root access.

This vulnerability is not present when using mh-6.8.4-6 in RH
5. msgchk ends with

msgchk: argument AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAA (2000 times) too long

Grtz
EJ
--
+--------------------+ There's only one rule:
| Erwin J.  van Eijk |          The golden rule.
| eijk () acm org       | He who owns the gold, rules.
+--------------------+



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault