Vulnerability Development: /usr/bin/Mail buffer 0verfl0w

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

/usr/bin/Mail buffer 0verfl0w

From: SosPiro <sospiro () FREEMAIL IT>
Date: Wed, 28 Feb 2001 20:29:29 +0100

I found a buffer oveflow in /usr/bin/Mail,it's suid by default on my
Slakware 7.00  K2.2.13
This is the problem:

SunsetZer0:#Mail
Mail version 8.1 6/6/93.      Type ? for help
"/var/spool/mail/root":           2  messages  2  unread

U  1  root                                   Thu Sep  15  02:23    33/1257

"hole in /usr/bin/Mail"
  U  2  sospiro                               Sat Oct    9  18:19  126/6192
"Owned!Owned!"
& t  0 x 2240
0:Invalid   message  number
"Source"  stack  over-pop
Segmentation Fault

sospiro

"ALl We WaNt is T0 bE HapPy"
---------------------------------

By Date By Thread

Current thread:

/usr/bin/Mail buffer 0verfl0w SosPiro (Mar 01)
- Re: /usr/bin/Mail buffer 0verfl0w Enrique Maglietta (Mar 01)
  - Re: /usr/bin/Mail buffer 0verfl0w syzop (Mar 01)
    - Re: /usr/bin/Mail buffer 0verfl0w Knud Erik Hojgaard - CyberCity Support (Mar 02)
    - Re: /usr/bin/Mail buffer 0verfl0w Knud Erik Hojgaard - CyberCity Support (Mar 02)
    - Re: /usr/bin/Mail buffer 0verfl0w Jan Kluka (Mar 02)