* [Comm] ошибка в /bin/mail - buffer overrun
@ 2003-06-04 3:57 Mike Lykov
2003-06-04 7:48 ` Dmitry Alexeyev
0 siblings, 1 reply; 2+ messages in thread
From: Mike Lykov @ 2003-06-04 3:57 UTC (permalink / raw)
To: community
http://www.securityfocus.com/bid/7760/discussion/
A vulnerability has been discovered in the Linux /bin/mail utility. The
problem occurs when processing excessive data within the carbon copy field.
Due to insufficient bounds checking while parsing this information it may be
possible to trigger a buffer overrun.
An attacker could exploit this issue to execute arbitrary commands. It should
be noted that local exploitation may be inconsequential, however a malicious
e-mail message or CGI interface could be a sufficient conduit for remote
exploitation.
-- vulnerable
RedHat Linux 9.0 i386
Slackware Linux 8.1
not vulnerable
Slackware Linux 9.0
А как насчет ALT Linux ?
--
Mike
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Comm] ошибка в /bin/mail - buffer overrun
2003-06-04 3:57 [Comm] ошибка в /bin/mail - buffer overrun Mike Lykov
@ 2003-06-04 7:48 ` Dmitry Alexeyev
0 siblings, 0 replies; 2+ messages in thread
From: Dmitry Alexeyev @ 2003-06-04 7:48 UTC (permalink / raw)
To: community
В сообщении от Среда 04 Июнь 2003 07:57 Mike Lykov написал:
> http://www.securityfocus.com/bid/7760/discussion/
>
> A vulnerability has been discovered in the Linux /bin/mail utility.
> The problem occurs when processing excessive data within the carbon
> copy field. Due to insufficient bounds checking while parsing this
> information it may be possible to trigger a buffer overrun.
>
> An attacker could exploit this issue to execute arbitrary commands.
> It should be noted that local exploitation may be inconsequential,
> however a malicious e-mail message or CGI interface could be a
> sufficient conduit for remote exploitation.
>
> -- vulnerable
> RedHat Linux 9.0 i386
> Slackware Linux 8.1
>
> not vulnerable
> Slackware Linux 9.0
>
> А как насчет ALT Linux ?
http://www.securityfocus.com/bid/7760/exploit/
Это у меня не работает.
----
[dmi@dmi dmi]$ ./bin_mail-exp.pl
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
.
Cc: too long to edit
...not printable...
м─ХэЪЪЪ/bin/ksh": Ambiguous.
mail: (null): Bad address
---
WBR,
Dmitry
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-06-04 7:48 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-06-04 3:57 [Comm] ошибка в /bin/mail - buffer overrun Mike Lykov
2003-06-04 7:48 ` Dmitry Alexeyev
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git