NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2001-q4

From: Robert Jaroszuk (shfnsm.pl)
Date: Sun Nov 25 2001 - 13:39:32 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi everyone.

I've discovered something strange in fetchmail (debian 2.2r4 + 2.2.20):

[20:00](shfequinox shf)$ fetchmail a
Segmentation fault
[20:00](shfequinox shf)$ gdb `which fetchmail`
GNU gdb 19990928
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
(no debugging symbols found)...
(gdb) run a
Starting program: /usr/bin/fetchmail a
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x2d406a in strcasecmp () from /lib/libc.so.6
(gdb) info reg
eax 0x73 115
ecx 0x0 0
edx 0x73 115
ebx 0x378058 3637336
esp 0xbffff4e4 -1073744668
ebp 0xbffff4fc -1073744644
esi 0xbffff555 -1073744555
edi 0x3acc64 3853412
eip 0x2d406a 2965610
eflags 0x10286 66182
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x0 0
cwd 0xffff037f -64641
swd 0xffff0000 -65536
twd 0xffffffff -1
fip 0x15a7d1 1419217
fcs 0x77d0023 125632547
fopo 0xbfffd834 -1073752012
fos 0xffff002b -65493
(gdb)

fetchmail version is 5.9.3+NTLM+SDPS+SSL+NLS.

I've tested it on slackware 7.1 and 8.0 (both on kernel 2.4.12)
with fetchmail 5.4.0+NLS (7.1) and 5.8.6+SSL+NLS (8.0), and here is the result:
$ fetchmail a
Enter password for shfa: ^C
fetchmail: Caught SIGINT... bailing out.
$

Greetz.
shf

-- 
............... Robert Jaroszuk - <shfnsm.pl> ...............
GCS/O d? s: a--- C+++ UL++++$ P+ L+++>++++ E- W- N+ !K w--- O- 
M- V- PS+ PE Y(+) PGP-(+) t-- X- R tv-- b++>++++ DI+ D h(!) !r 
... Najznamienitszy wojownik wygrywa bez walki. (Sun Tzu). ...

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org

iD4DBQE8AUj0uJnjJlL6iTARAuE0AJdBrVXCmATLPMUl/23jAb6G/X0tAJwMB4yz nI1aJI3jY1jXEEJuIv9i+A== =kPZd -----END PGP SIGNATURE-----

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]