On Sun, Jun 03, 2001 at 06:40:48PM +0100, Gossi The Dog wrote:
> So, roughly, the questions I can see are;
>
> a) can you reproduce it
> b) what OS/distro
> c) is Mail suid root?
> d) why is it doing this, and is it exploitable?
>

hi,
i've tested on a debian woody (unstable)

tonon@cthugha[~/mail]$wget http://owned.lab6.com/~gossi/crashmail.txt
--08:59:15-- http://owned.lab6.com/%7Egossi/crashmail.txt
=> `crashmail.txt'
Length: 5,378 [text/plain]
0K -> ..... [100%]
08:59:15 (5.13 MB/s) - `crashmail.txt' saved [5378/5378]

tonon@cthugha[~/mail]$mv crashmail.txt inbox
tonon@cthugha[~/mail]$mail
Mail version 8.1.2 01/15/2001. Type ? for help.
"/home/asylum/tonon/mail/inbox": 1 message 1 new
>N 1 sup-infoat_private Sat Jun 2 04:52 161/5376 Security Update:
>[CSSA-2001-019.0] Webmin root account leak

so it doesn't segfault
it was tested on a debian woody i386
mail isn't suid root

ls -l `which mail`
-rwxr-xr-x 1 root root 70268 Apr 4 00:44 /usr/bin/mail

hope this helps you.

regards
Samuele

--
Samuele Tonon <samuat_private>
Undergraduate Student of Computer Science at University of Bologna, Italy
System administrator at Computer Science Lab's, University of Bologna, Italy
Founder & Member of A.A.H.T.
UIN 3155609
Acid -- better living through chemistry.
Timothy Leary
This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 12:44:47 PDT