Vulnerability Development mailing list archives

Re: /usr/bin/Mail buffer 0verfl0w


From: Syzop <syz () DDS NL>
Date: Tue, 6 Mar 2001 16:33:00 +0100

Hi,

"Lord_Ph@ntom" wrote:

---cut---
Mail version 8.1 6/6/93.  Type ? for help.
N  1 phantom@wraith.serwe  Mon Mar  5 20:27  22/766   "a"
& t 0x2240
0: Invalid message number
& t 0 x 2240
0: Invalid message number
& t 000000000000000000000000000[...]
0: Invalid message number
&
---cut---

Hmm... I also have Debian 2.2 ...

Try more zeros then (quick count: 2500 is enough for a segfault,
1500 is enough for a segfault after the next command).
Oh, and one thing: just many zeros give you the same result;
you can drop the 't ' :).

By the way, I couldn't trace the location of the bug;
does anybody else know where it is or have a patch?
It looks like the original code was insecure, but with patches all (I guess)
strcpy's are replaced with strncpy, and more such stuff.

Why is mail sgid on some systems?
It looks like it's something to do with locking files, but why doesn't mail
need to be sgid on other systems then?

    Syzop.
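The crash described in the thread (a long run of digits after "t" takes Mail down) is the classic sign of a message-number argument being copied into a fixed-size buffer before it is validated. As an added illustration, not the Mail source and not code from anyone in this thread, here is a bounded parser for a "t <msgno>" argument in C; the function name, the length limit and the sample inputs in main are hypothetical.

```c
/* Added example (hypothetical; not the Mail source): a bounded parser for the
 * message-number argument of Mail's "t" command. The length check happens
 * before anything is copied or converted, so an over-long token never reaches
 * a fixed-size buffer. */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Longest decimal message number accepted: more digits than any mailbox index
 * needs, and the bound is enforced on the raw token, not after conversion. */
#define MSGNO_MAXLEN 10

/* Returns the message number (1..msgcount) if tok is a plain decimal in range,
 * otherwise 0, which the caller reports as "Invalid message number".
 * Rejected: empty token, token longer than MSGNO_MAXLEN (a run of 2500 zeros
 * is refused at the 11th digit), non-digits such as "0x2240", 0, out of range. */
int parse_msgno(const char *tok, int msgcount)
{
    size_t len = 0;
    unsigned long val;
    char *end;

    if (tok == NULL || msgcount < 1)
        return 0;
    /* Bounded scan: stop on the first non-digit or when the token exceeds
     * MSGNO_MAXLEN, whichever comes first. */
    while (tok[len] != '\0') {
        if (!isdigit((unsigned char)tok[len]) || ++len > MSGNO_MAXLEN)
            return 0;
    }
    if (len == 0)
        return 0;
    errno = 0;
    val = strtoul(tok, &end, 10);
    if (errno != 0 || *end != '\0' || val == 0 || val > (unsigned long)msgcount)
        return 0;
    return (int)val;
}

int main(void)
{
    /* Constructed inputs mirroring the session quoted in the thread, against a
     * mailbox that holds a single message. */
    const char *inputs[] = { "1", "0x2240", "0", "2", "000000000000000000000000000" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int n = parse_msgno(inputs[i], 1);
        if (n)
            printf("& t %s -> message %d\n", inputs[i], n);
        else
            printf("& t %s\nInvalid message number\n", inputs[i]);
    }
    return 0;
}
```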

