Re: procmail heap overflow

From: SpaceWalker (spacewalkerat_private)
Date: Wed Jun 19 2002 - 01:03:45 PDT

    $ procmail -v
    procmail v3.15.1 2001/01/08
    $ procmail `perl -e '{print "A"x10240}'`=A
    wait indefinitely
    Doesn't seem to segfault on my system, I'm running base slackware 8 on x86.
    
    On Wed, 19 Jun 2002 02:38:08 +0200
    flatline <flatlineat_private> wrote:
    
    > hi,
    > 
    > i found a heap overflow in procmail (up until latest) some time ago.
    > 
    > flatline@intra:/usr/bin$ ls -la procmail
    > -rwsr-xr-x    1 root     mail        64344 Jun  3  2001 procmail*
    > flatline@intra:/usr/bin$ ./procmail `perl -e '{print "A"x10240}'`=A
    > procmail: Exceeded LINEBUF
    > Segmentation fault
    > flatline@intra:/usr/bin$
    > 
    > at first it seemed to properly drop privs before segging, but not too long 
    > ago i managed to make it crash while it still had euid 0.
    > segfaults have been seen on red hat/slackware linux and bsd variants. 
    > successful exploitation has not been verified.
    > 
    > / flatline
    > 
    > greets fly out to fc, zeno, xistence, thewolf, #gold, #!xpc and everyone 
    > who felt left out.
    > 
    



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 09:43:04 PDT