[Comm] bug in /bin/mail - buffer overrun
Dmitry Alexeyev
dmi_a at qnx.org.ru
Wed Jun 4 11:48:03 MSD 2003
In a message of Wednesday 04 June 2003 07:57 Mike Lykov wrote:
> http://www.securityfocus.com/bid/7760/discussion/
>
> A vulnerability has been discovered in the Linux /bin/mail utility.
> The problem occurs when processing excessive data within the carbon
> copy field. Due to insufficient bounds checking while parsing this
> information it may be possible to trigger a buffer overrun.
>
> An attacker could exploit this issue to execute arbitrary commands.
> It should be noted that local exploitation may be inconsequential,
> however a malicious e-mail message or CGI interface could be a
> sufficient conduit for remote exploitation.
>
> -- vulnerable
> RedHat Linux 9.0 i386
> Slackware Linux 8.1
>
> not vulnerable
> Slackware Linux 9.0
>
> And what about ALT Linux?
http://www.securityfocus.com/bid/7760/exploit/
This doesn't work for me.
----
[dmi на dmi dmi]$ ./bin_mail-exp.pl
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
.
Cc: too long to edit
...not printable...
м─ХэЪЪЪ/bin/ksh": Ambiguous.
mail: (null): Bad address
---
WBR,
Dmitry