[cobalt-security] /usr/bin/Mail buffer overflow
- Subject: [cobalt-security] /usr/bin/Mail buffer overflow
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Sun, 4 Mar 2001 07:29:26 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
There's a buffer overflow on all Cobalt RaQs, most probably other Cobalt
products also, in /usr/bin/Mail. To recreate it, telnet in, run 'mail',
at the prompt enter t 0 (followed by manually entering 0 about two thousand
times - copying and pasting works), hit enter. Mail bombs. There also
appears to be an exploit kicking about for it.
It's not a huge problem because it requires an account on the RaQ, but
nevertheless will need patching at some point.
...
[gossi@owned gossi]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/gossi"
1 message 1 new
>N 1 LISTSERV@xxxxxxxxxxx Sun Mar 4 07:23 18/998 "Message ("Your messag"
& t
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
<followed by several more lines of 0's>
0: Invalid message number
"Source" stack over-pop.
Segmentation fault (core dumped)
...