Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: buffer overflow in msgchk
From: aleph1 () NATIONWIDE NET (Aleph One)
Date: Fri, 15 May 1998 11:34:08 -0500


On Wed, 13 May 1998, Erwin J. van Eijk wrote:

This vulnerability is not present when using mh-6.8.4-6 in RH
5. msgchk ends with

msgchk: argument AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAA (2000 times) too long

This vulnerability has already been discussed here back in January.
The message by Cesar Tascon Alvarez <tascon () enete gui uva es> that sparked
the discussion is available at
http://www.netspace.org/cgi-bin/wa?A2=ind9801C&L=bugtraq&D=&H=&T=&O=&F=&P=3374

mh-6.8.4-6 is not the version shipped with RedHat 5.0. Thats the fixed
version available in their errata page at
http://www.redhat.com/support/docs/rhl/rh50-errata-general.html#mh

Grtz
EJ

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]