oss-sec mailing list archives

Re: CVE request: procmail heap overflow in getlline()

From: Tero Marttila <terom () fixme fi>
Date: Thu, 04 Dec 2014 02:09:37 +0200

FWIW I don't have a specific PoC/scenario to supply for this case thatserves as an exploit with untrusted input, but I am not familar enoughwith procmail and how it is used to make a judgement on if some relatedcode-path/scenario could be exploitable.

I reported this as a security bug due to the implied high risk level ofprocmail being suid-root on Debian, and thus deserving of more detailedinspection. But that's a distribution issue.


 -- Tero Marttila

On 04/12/14 01:30, Joshua J. Drake wrote:

Is it possible to trigger this issue with untrusted input or only
trusted input from procmailrc?

Joshua

On Wed, Dec 03, 2014 at 11:31:20PM +0200, Henri Salo wrote:

Please assign 2014 CVE for procmail heap overflow in getlline() as described in
following Debian BTS item <https://bugs.debian.org/771958> reported by Tero
Marttila. Please comment if you need more information about the issue.

---
Henri Salo

Current thread:

CVE request: procmail heap overflow in getlline() Henri Salo (Dec 03)
- Re: CVE request: procmail heap overflow in getlline() Joshua J. Drake (Dec 03)
  - Re: CVE request: procmail heap overflow in getlline() Tero Marttila (Dec 03)
  - Re: CVE request: procmail heap overflow in getlline() Santiago Vila (Dec 04)
    - Re: CVE request: procmail heap overflow in getlline() Kurt Seifried (Dec 04)
    - Re: CVE request: procmail heap overflow in getlline() Florian Weimer (Dec 04)
    - Re: CVE request: procmail heap overflow in getlline() Martino Dell'Ambrogio (Dec 04)
    - Re: CVE request: procmail heap overflow in getlline() Florian Weimer (Dec 04)
    - Re: CVE request: procmail heap overflow in getlline() Martino Dell'Ambrogio (Dec 04)