RE: procmail heap overflow

From: Peter Mueller (pmuellerat_private)
Date: Wed Jun 19 2002 - 16:00:12 PDT

  • Next message: gobblesat_private: "Remote Apache 1.3.x Exploit"

    Looks like 4.6-PRERELEASE is ok.
    
    > uname -a
    FreeBSD xxx.yyy.com 4.6-PRERELEASE FreeBSD 4.6-PRERELEASE #2: Sun May  5
    22:57:25 PDT 2002     root@localhost:/usr/obj/usr/src/sys/xxx  i386
    > /usr/local/bin/procmail `perl -e '{print "A"x10240}'`=A
    Word too long.
    
    Peter
    
    > -----Original Message-----
    > From: kam [mailto:kamat_private]
    > Sent: Wednesday, June 19, 2002 11:01 AM
    > To: flatline
    > Cc: bugtraqat_private; vuln-devat_private
    > Subject: Re: procmail heap overflow
    > 
    > 
    > On Wed, Jun 19, 2002 at 02:38:08AM +0200, flatline said 
    > sometin like...
    > > hi,
    > > 
    > > i found a heap overflow in procmail (up until latest) some time ago
    > 
    > I have been able to duplicate this on FreeBSD 4.4-Release
    > 
    > uname -a
    > 4.4-RELEASE FreeBSD 4.4-RELEASE
    > 
    > ls -la /usr/local/bin/procmail
    > -rwsr-sr-x   1 root     mail        66644 Jun 11 07:00
    > /usr/local/bin/procmail*
    > .
    > 
    



    This archive was generated by hypermail 2b30 : Wed Jun 19 2002 - 17:42:34 PDT