[6765] in bugtraq
Re: buffer overflow in msgchk
daemon@ATHENA.MIT.EDU (Erwin J. van Eijk)
Fri May 15 12:42:11 1998
Date: Wed, 13 May 1998 09:37:16 +0200
Reply-To: "Erwin J. van Eijk" <eijk@huygens.org>
From: "Erwin J. van Eijk" <eijk@HUYGENS.ORG>
X-To: Jorge Hurtado Rojo <jhurtado@QUARKSS.ES>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Tue, 12 May 1998 12:28:00 +0200."
<81A2362B56B4D111AD8400A0248A39497A85@jorge.quarkss.es>
jorge> Some time ago it was published in bugtraq that a vulnerability existed in the
jorge> msgchk program, which is installed suid root in redhat 5.0:
jorge> msgchk -host `perl -e 'print "A" x 2000'`
jorge> leads to a segfault, which can be exploited to get root access.
This vulnerability is not present when using mh-6.8.4-6 in RH 5.
msgchk ends with
msgchk: argument AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAA (2000 times) too long
Grtz
EJ
--
+--------------------+ There's only one rule:
| Erwin J. van Eijk | The golden rule.
| eijk@acm.org | He who owns the gold, rules.
+--------------------+