Vulnerability Development
mailing list archives
Re: /usr/bin/Mail buffer 0verfl0w
From: Syzop <syz () DDS NL>
Date: Tue, 6 Mar 2001 16:33:00 +0100
Hi,
"Lord_Ph () ntom" wrote:
---cut---
Mail version 8.1 6/6/93. Type ? for help.
N 1 phantom () wraith serwe Mon Mar 5 20:27 22/766 "a"
& t 0x2240
0: Invalid message number
& t 0 x 2240
0: Invalid message number
& t 000000000000000000000000000[...]
0: Invalid message number
&
---cut---
Hmm... I also have Debian 2.2 ...
Try more zeros then (quickly counted: 2500 is enough for a segfault,
1500 is enough for a segfault after the next command).
Oh, and one thing: just many zeros give you the same result,
you can drop the 't ' :).
By the way, I couldn't trace the location of the bug.
Does anybody else know where it is, or have a patch?
Looks like the original code was insecure, but with patches all (I guess)
strcpy's are replaced with strncpy, and more of such stuff.
Why is mail sgid on some systems?
It looks like it's something to do with locking files, but why doesn't mail
need to be sgid on other systems then?
Syzop.
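
An added example, not part of the original post and not taken from the Mail source: the thread does not locate the bug, so this only shows the general defensive pattern for reading a message number from a command line (bounded token copy that always NUL-terminates and reports over-long input, then a range-checked parse). The names `next_token`, `parse_msgnum` and `TOK_MAX` are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOK_MAX 32  /* assumed bound; far longer than any real message number */

enum tok_status { TOK_OK = 0, TOK_EMPTY = -1, TOK_TOO_LONG = -2 };

/* Copy the next whitespace-delimited token of line into dst (dstsz >= 1).
 * Unlike strcpy it never writes past dst; unlike a bare strncpy it always
 * NUL-terminates and reports over-long input instead of silently cutting it. */
static int next_token(const char *line, char *dst, size_t dstsz)
{
    size_t n = 0;
    while (isspace((unsigned char)*line)) line++;
    while (line[n] != '\0' && !isspace((unsigned char)line[n])) n++;
    dst[0] = '\0';
    if (n == 0) return TOK_EMPTY;
    if (n >= dstsz) return TOK_TOO_LONG;   /* reject, do not copy */
    memcpy(dst, line, n);
    dst[n] = '\0';
    return TOK_OK;
}

/* Parse a message number in 1..msgcount. Returns 0 and stores it, else -1. */
static int parse_msgnum(const char *line, long msgcount, long *out)
{
    char tok[TOK_MAX], *end;
    long v;
    if (next_token(line, tok, sizeof tok) != TOK_OK) return -1;
    errno = 0;
    v = strtol(tok, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < 1 || v > msgcount) return -1;
    *out = v;
    return 0;
}

int main(void)
{
    char big[2501];   /* constructed input: 2500 zeros, the count from the post */
    long n = 0;
    int rc;
    memset(big, '0', 2500); big[2500] = '\0';
    rc = parse_msgnum(big, 1, &n);
    printf("2500 zeros -> %d\n", rc);        /* rejected, nothing overwritten */
    rc = parse_msgnum("1", 1, &n);
    printf("\"1\" -> %d (n=%ld)\n", rc, n);
    return 0;
}
```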