Vulnerability Development: Re: /usr/bin/Mail buffer 0verfl0w

Re: /usr/bin/Mail buffer 0verfl0w

From: Knud Erik Hojgaard - CyberCity Support <kain_at_PERKER.DK>
Date: Fri, 2 Mar 2001 10:29:55 +0100

Red Hat 6.0 runs with the same version of mail, and with the same result. So does
Red Hat 6.2.

Kind regards

Knud Erik Hojgaard <knud_at_cybercity.dk>
Cybercity Erhvervssupport <support_at_erhverv.cybercity.dk>
http://www.cybercity.dk/support
Tel 33 98 30 60
|-- Jesus saves, but only Buddha makes incremental backups --|

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV_at_SECURITYFOCUS.COM]On Behalf Of
syzop
Sent: 2 March 2001 03:48
To: VULN-DEV_at_SECURITYFOCUS.COM
Subject: Re: /usr/bin/Mail buffer 0verfl0w

Enrique Maglietta wrote:

> > & t 0 x 2240
> > 0:Invalid message number
> > "Source" stack over-pop
> > Segmentation Fault
> >
>
> I tested on SuSE 7.0, and there is no problem
>
> & t 0x2240
> 0: Invalid message number
> & t 0 x 2240
> 0: Invalid message number
> &

SosPiro should have explained it better.
When somebody says
& t 0 x 2240
not everybody understands you are sending 2240 zeros;
it is better to write something like:
& t [2240x'0']
which is often used :)

Anyway... Tested here with Debian 2.2:
Mail version 8.1 6/6/93. Type ? for help.
-- snip --
& t 0x2240
0: Invalid message number
& t 0 x 2240
0: Invalid message number
& t 0000000000000000[etc (2300 times)]
0: Invalid message number
"Source" stack over-pop.
Segmentation fault

That's the latest version (I've verified my version against the latest version
available on Debian's website).

Also, Markus wrote:
>But the bug is there, a guy called Kengz www.kengz.org
>made an exploit some time ago.
My nameserver says (www.)kengz.org doesn't exist, so I couldn't verify :(.

>if /usr/bin/Mail is setgid
>but it is not setgid/setuid by default.
It is sgid mail on Debian, so if this is exploitable... :)

Cya

    Syzop.
Received on Mar 02 2001
