Re: procmail heap overflow

From: Przemyslaw Frasunek (venglinat_private)
Date: Wed Jun 19 2002 - 01:12:10 PDT

  • Next message: qobaiashi: "Re: Apache Worm?"

    flatline <flatlineat_private> napisał(a):
    
    > i found a heap overflow in procmail (up until latest) some time ago.
    
    Actually, the latest version of procmail is 3.22 (2001/09/10), which
    is not vulnerable:
    
    $ ./procmail `perl -e 'print "A"x10240'`=A
    ^Cprocmail: Terminating prematurely
    
    AFAIR, this problem was reported quite a long time ago by Michał
    Zalewski.
    
    > flatline@intra:/usr/bin$ ls -la procmail
    > -rwsr-xr-x    1 root     mail        64344 Jun  3  2001 procmail*
    
    Your version of procmail looks like older than 3.22.
    
    BTW. Recent versions of procmail segfaults after SIGINT/SIGTERM/SIGHUP
    when invoked with no arguments and no input:
    
    [venglin@clitoris venglin]$ procmail
    procmail: Terminating prematurely
    Segmentation fault
    
    But this is probably only a minor bug.
    
    -- 
    * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
    * Inet: przemyslawat_private ** PGP: D48684904685DF43EA93AFA13BE170BF *
    



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 11:07:32 PDT