|
Vulnerability Development
mailing list archives
Re: Mail bug
From: Samu <samu () linuxasylum net>
Date: Mon, 4 Jun 2001 09:02:57 +0200
On Sun, Jun 03, 2001 at 06:40:48PM +0100, Gossi The Dog wrote:
So, roughly, the questions I can see are;
a) can you reproduce it
b) what OS/distro
c) is Mail suid root?
d) why is it doing this, and is it exploitable?
hi,
i've tested on a debian woody (unstable)
tonon () cthugha[~/mail]$wget http://owned.lab6.com/~gossi/crashmail.txt
--08:59:15-- http://owned.lab6.com/%7Egossi/crashmail.txt
=> `crashmail.txt'
Length: 5,378 [text/plain]
0K -> ..... [100%]
08:59:15 (5.13 MB/s) - `crashmail.txt' saved [5378/5378]
tonon () cthugha[~/mail]$mv crashmail.txt inbox
tonon () cthugha[~/mail]$mail
Mail version 8.1.2 01/15/2001. Type ? for help.
"/home/asylum/tonon/mail/inbox": 1 message 1 new
N 1 sup-info () opus cal Sat Jun 2 04:52 161/5376 Security Update:
[CSSA-2001-019.0] Webmin root account leak
so it doesn't segfault
it was tested on a debian woody i386
mail isn't suid root
ls -l `which mail`
-rwxr-xr-x 1 root root 70268 Apr 4 00:44 /usr/bin/mail
hope this help u.
regards
Samuele
--
Samuele Tonon <samu () linuxasylum net>
Undergraduate Student of Computer Science at University of Bologna, Italy
System administrator at Computer Science Lab's, University of Bologna, Italy
Founder & Member of A.A.H.T.
UIN 3155609
Acid -- better living through chemistry.
Timothy Leary
 By Date 
By Thread
Current thread:
| 
Intro
