Vulnerability Development: Re: Buffer overflow in procmail [suid!]

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Buffer overflow in procmail [suid!]

From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Thu, 10 Aug 2000 17:23:23 +0200

On Thu, 10 Aug 2000, Tobias von Koch wrote:

Procmail recognizes that the line is a bit too long. alright.
But if you try something bigger than 2053...

$ /usr/bin/procmail x=`perl -e "print 1x2054"`
 <Ctrl>-D
Segmentation fault

You can get root privileges (with some code) now....


No, you can't. If you feel you can, them prove it. We spend some time
investigating this issue already (right before receiving your post, what a
coincidence :).

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

By Date By Thread

Current thread:

Re: Buffer overflow in procmail [suid!], (continued)
- Re: Buffer overflow in procmail [suid!] Aaron Campbell (Aug 10)
  - Re: Buffer overflow in procmail [suid!] Adam Prato (Aug 10)
- Re: Buffer overflow in procmail [suid!] rpc (Aug 10)
  - Re: Buffer overflow in procmail [suid!] HD Moore (Aug 14)
  - Re: Buffer overflow in procmail [suid!] Michal Zalewski (Aug 14)
- Re: Buffer overflow in procmail [suid!] Michal Zalewski (Aug 10)
- Re: Buffer overflow in procmail [suid!] Martin MOKREJŠ (Aug 14)