flatline <flatlineat_private> napisał(a): > i found a heap overflow in procmail (up until latest) some time ago. Actually, the latest version of procmail is 3.22 (2001/09/10), which is not vulnerable: $ ./procmail `perl -e 'print "A"x10240'`=A ^Cprocmail: Terminating prematurely AFAIR, this problem was reported quite a long time ago by Michał Zalewski. > flatline@intra:/usr/bin$ ls -la procmail > -rwsr-xr-x 1 root mail 64344 Jun 3 2001 procmail* Your version of procmail looks like older than 3.22. BTW. Recent versions of procmail segfaults after SIGINT/SIGTERM/SIGHUP when invoked with no arguments and no input: [venglin@clitoris venglin]$ procmail procmail: Terminating prematurely Segmentation fault But this is probably only a minor bug. -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslawat_private ** PGP: D48684904685DF43EA93AFA13BE170BF *
This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 11:07:32 PDT