From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dmi_a@qnx.org.ru>
From: Dmitry Alexeyev <dmi_a@qnx.org.ru>
To: community@altlinux.ru
Subject: Re: [Comm] =?koi8-r?q?=CF=DB=C9=C2=CB=C1=20=D7=20=2Fbin=2Fmail=20-=20buffer?=
 =?koi8-r?q?=20overrun?=
Date: Wed, 4 Jun 2003 11:48:03 +0400
User-Agent: KMail/1.5.2
References: <200306040857.06543.combr@vesna.ru>
In-Reply-To: <200306040857.06543.combr@vesna.ru>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="koi8-r"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200306041148.03489.dmi_a@qnx.org.ru>
Sender: community-admin@altlinux.ru
Errors-To: community-admin@altlinux.ru
X-BeenThere: community@altlinux.ru
X-Mailman-Version: 2.0.9
Precedence: bulk
Reply-To: community@altlinux.ru
List-Unsubscribe: <http://www.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=unsubscribe>
List-Id: <community.altlinux.ru>
List-Post: <mailto:community@altlinux.ru>
List-Help: <mailto:community-request@altlinux.ru?subject=help>
List-Subscribe: <http://www.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=subscribe>
List-Archive: <http://www.altlinux.ru/pipermail/community/>
Archived-At: <http://lore.altlinux.org/community/200306041148.03489.dmi_a@qnx.org.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

В сообщении от Среда 04 Июнь 2003 07:57 Mike Lykov написал:
> http://www.securityfocus.com/bid/7760/discussion/
>
> A vulnerability has been discovered in the Linux /bin/mail utility.
> The problem occurs when processing excessive data within the carbon
> copy field. Due to insufficient bounds checking while parsing this
> information it may be possible to trigger a buffer overrun.
>
> An attacker could exploit this issue to execute arbitrary commands.
> It should be noted that local exploitation may be inconsequential,
> however a malicious e-mail message or CGI interface could be a
> sufficient conduit for remote exploitation.
>
> -- vulnerable
> RedHat Linux 9.0 i386
> Slackware Linux 8.1
>
> not vulnerable
> Slackware Linux 9.0
>
> А как насчет ALT Linux ?

http://www.securityfocus.com/bid/7760/exploit/
Это у меня не работает. 

----
[dmi@dmi dmi]$ ./bin_mail-exp.pl
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
.

Cc: too long to edit
...not printable...
      м─ХэЪЪЪ/bin/ksh": Ambiguous.
mail: (null): Bad address
---

WBR,
Dmitry