Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: /usr/bin/Mail buffer 0verfl0w

Re: /usr/bin/Mail buffer 0verfl0w

From: Rasta C. Shell <rasta_at_RSHELL.ORG>
Date: Fri, 2 Mar 2001 19:25:48 +0200

I think is is not exploitable since the buffer can except only chars
in the range of \x30 - \x39. But I haven't looked at the source.

SosPiro <sospiro_at_FREEMAIL.IT> wrote:
> I found a buffer oveflow in /usr/bin/Mail,it's suid by default on my
> Slakware 7.00 K2.2.13
> This is the problem:
>
> SunsetZer0:#Mail
> Mail version 8.1 6/6/93. Type ? for help
> "/var/spool/mail/root": 2 messages 2 unread
> >U 1 root Thu Sep 15 02:23 33/1257
> "hole in /usr/bin/Mail"
> U 2 sospiro Sat Oct 9 18:19 126/6192
> "Owned!Owned!"
> & t 0 x 2240
> 0:Invalid message number
> "Source" stack over-pop
> Segmentation Fault
>
> sospiro
>
> "ALl We WaNt is T0 bE HapPy"
> --------------------------------- 

--
http://www.rshell.org
Join #shellcode on EFnet.
rasta_at_rshell.org
Received on Mar 03 2001
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]