Vulnerability Development: Re: Mail bug

[fintler <fintler () halfbug com>]

--- Gossi The Dog <gossi () owned lab6 com> wrote:
> Hi,
>
> I've discovered slightly odd behavour from /usr/bin/Mail on my Redhat
6.2
> box.  I don't really have the time to fiddle with this, so I'm hoping
you
> guys can provide feedback as to if this is reproducable on other
systems.
> Lets start with version numbers;
>
> [gossi () owned gossi]$ strings /bin/mail | grep version
> version
> Mail version %s.  Type ? for help.
> $OpenBSD: version.c,v 1.4 1996/06/08 19:48:46 christos Exp $
...
> If Mail encounters hex character x00 (aka ^@ as vi shows it), it seg
> faults and dumps it core.  On Slackware and (I believe) Debian, Mail is
> suid root.  On Redhat it isn't.  Other distros might have the suid bit
> set.
>
> There are two ways to easily reproduce this;
...

It worked without any problems (no seg fault) on slack 7.1...

fintler () bleedgreen:~$ strings /bin/mail | grep version
version
Mail version %s.  Type ? for help.
$OpenBSD: version.c,v 1.4 1996/06/08 19:48:46 christos Exp $
.gnu.version
.gnu.version_r
fintler () bleedgreen:~$

probally specific to your localhost or rh....

-fintler (fintler () msec net)