RE: procmail heap overflow

From: Peter Mueller (pmuellerat_private)
Date: Wed Jun 19 2002 - 16:00:12 PDT

Next message: gobblesat_private: "Remote Apache 1.3.x Exploit"

Previous message: Przemyslaw Frasunek: "apache chunked encoding"
Maybe in reply to: flatline: "procmail heap overflow"
Next in thread: Artur Byszko / bikero: "Re: procmail heap overflow"
Next in thread: Wodahs Latigid: "RE: procmail heap overflow"
Reply: Artur Byszko / bikero: "Re: procmail heap overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Looks like 4.6-PRERELEASE is ok.

> uname -a
FreeBSD xxx.yyy.com 4.6-PRERELEASE FreeBSD 4.6-PRERELEASE #2: Sun May  5
22:57:25 PDT 2002     root@localhost:/usr/obj/usr/src/sys/xxx  i386
> /usr/local/bin/procmail `perl -e '{print "A"x10240}'`=A
Word too long.

Peter

> -----Original Message-----
> From: kam [mailto:kamat_private]
> Sent: Wednesday, June 19, 2002 11:01 AM
> To: flatline
> Cc: bugtraqat_private; vuln-devat_private
> Subject: Re: procmail heap overflow
> 
> 
> On Wed, Jun 19, 2002 at 02:38:08AM +0200, flatline said 
> sometin like...
> > hi,
> > 
> > i found a heap overflow in procmail (up until latest) some time ago
> 
> I have been able to duplicate this on FreeBSD 4.4-Release
> 
> uname -a
> 4.4-RELEASE FreeBSD 4.4-RELEASE
> 
> ls -la /usr/local/bin/procmail
> -rwsr-sr-x   1 root     mail        66644 Jun 11 07:00
> /usr/local/bin/procmail*
> .
>

Next message: gobblesat_private: "Remote Apache 1.3.x Exploit"
Previous message: Przemyslaw Frasunek: "apache chunked encoding"
Maybe in reply to: flatline: "procmail heap overflow"
Next in thread: Artur Byszko / bikero: "Re: procmail heap overflow"
Next in thread: Wodahs Latigid: "RE: procmail heap overflow"
Reply: Artur Byszko / bikero: "Re: procmail heap overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 17:42:34 PDT