Vulnerability Development: Re: /usr/bin/Mail buffer 0verfl0w

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: /usr/bin/Mail buffer 0verfl0w

From: K2 <ktwo () KTWO CA>
Date: Thu, 1 Mar 2001 13:53:30 -0800

SosPiro wrote:


I found a buffer oveflow in /usr/bin/Mail,it's suid by default on my
Slakware 7.00  K2.2.13
This is the problem:

SunsetZer0:#Mail
Mail version 8.1 6/6/93.      Type ? for help
"/var/spool/mail/root":           2  messages  2  unread

U  1  root                                   Thu Sep  15  02:23    33/1257

"hole in /usr/bin/Mail"
  U  2  sospiro                               Sat Oct    9  18:19  126/6192
"Owned!Owned!"
& t  0 x 2240
0:Invalid   message  number
"Source"  stack  over-pop
Segmentation Fault

sospiro

"ALl We WaNt is T0 bE HapPy"
---------------------------------



You sure that isnt sGid?

snow:~# ls -l /usr/bin/Mail
-rwx--s--x   1 root     mail        75968 Aug 19  1999 /usr/bin/Mail*

That's on my slackware box.
--
K2

By Date By Thread

Current thread:

Re: /usr/bin/Mail buffer 0verfl0w, (continued)
- Re: /usr/bin/Mail buffer 0verfl0w Markus (Mar 01)
- Re: /usr/bin/Mail buffer 0verfl0w Lukasz Kowalczyk (Mar 01)
- Re: /usr/bin/Mail buffer 0verfl0w K2 (Mar 01)
  - Re: /usr/bin/Mail buffer 0verfl0w BAILLEUX Christophe (Mar 02)
    - Re: /usr/bin/Mail buffer 0verfl0w Joe (Mar 02)
    - Re: /usr/bin/Mail buffer 0verfl0w Blue Boar (Mar 03)
    - Crediting/Communication (Was: Re: [VULN-DEV] /usr/bin/Mail buffer 0verfl0w) Syzop (Mar 03)
- Re: /usr/bin/Mail buffer 0verfl0w BAILLEUX Christophe (Mar 02)