OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Buffer overflow in procmail [suid!]
From: Michal Zalewski (lcamtufDIONE.IDS.PL)
Date: Thu Aug 10 2000 - 10:23:23 CDT


On Thu, 10 Aug 2000, Tobias von Koch wrote:

> Procmail recognizes that the line is a bit too long. alright.
> But if you try something bigger than 2053...
>
> $ /usr/bin/procmail x=`perl -e "print 1x2054"`
> <Ctrl>-D
> Segmentation fault
>
> You can get root privileges (with some code) now....

No, you can't. If you feel you can, them prove it. We spend some time
investigating this issue already (right before receiving your post, what a
coincidence :).

_______________________________________________________
Michal Zalewski [lcamtuftpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=