Vulnerability Development
mailing list archives
Re: /usr/bin/Mail buffer 0verfl0w
From: syzop <syz () DDS NL>
Date: Fri, 2 Mar 2001 03:47:46 +0100
Enrique Maglietta wrote:
> & t 0 x 2240
> 0:Invalid message number
> "Source" stack over-pop
> Segmentation Fault
> I tested on a SuSE 7.0, and there is no problem
> & t 0x2240
> 0: Invalid message number
> & t 0 x 2240
> 0: Invalid message number
> &
SosPiro should have explained it better,
When somebody says
& t 0 x 2240
not everybody understands you are sending 2240 zeros,
it is better to write something like:
& t [2240x'0']
which is often used :)
Anyway... Tested here with Debian 2.2:
Mail version 8.1 6/6/93. Type ? for help.
-- snip --
& t 0x2240
0: Invalid message number
& t 0 x 2240
0: Invalid message number
& t 0000000000000000[etc (2300 times)]
0: Invalid message number
"Source" stack over-pop.
Segmentation fault
That's the latest version (I've verified my version against the latest version
available at Debian's website).
Also, Markus wrote:
> But the bug is there, a guy called Kengz www.kengz.org
> made an exploit some time ago.
My nameserver says (www.)kengz.org doesn't exist so I couldn't verify :(.
> if /usr/bin/Mail is setgid
> but it is not setgid, setuid by default.
it is sgid mail on Debian, so if this is exploitable... :)
Cya
Syzop.