|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: K2 (ktwo
KTWO.CA)Date: Thu Mar 01 2001 - 15:53:30 CST
SosPiro wrote:
>
> I found a buffer oveflow in /usr/bin/Mail,it's suid by default on my
> Slakware 7.00 K2.2.13
> This is the problem:
>
> SunsetZer0:#Mail
> Mail version 8.1 6/6/93. Type ? for help
> "/var/spool/mail/root": 2 messages 2 unread
> >U 1 root Thu Sep 15 02:23 33/1257
> "hole in /usr/bin/Mail"
> U 2 sospiro Sat Oct 9 18:19 126/6192
> "Owned!Owned!"
> & t 0 x 2240
> 0:Invalid message number
> "Source" stack over-pop
> Segmentation Fault
>
> sospiro
>
> "ALl We WaNt is T0 bE HapPy"
> ---------------------------------
You sure that isnt sGid?
snow:~# ls -l /usr/bin/Mail
-rwx--s--x 1 root mail 75968 Aug 19 1999 /usr/bin/Mail*
That's on my slackware box.
-- K2
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]