[6779] in bugtraq
Re: buffer overflow in msgchk
daemon@ATHENA.MIT.EDU (Aleph One)
Fri May 15 17:10:33 1998
Date: Fri, 15 May 1998 11:34:08 -0500
Reply-To: Aleph One <aleph1@NATIONWIDE.NET>
From: Aleph One <aleph1@NATIONWIDE.NET>
X-To: "Erwin J. van Eijk" <eijk@HUYGENS.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199805130737.JAA31127@hyper.huygens.org>
On Wed, 13 May 1998, Erwin J. van Eijk wrote:
> This vulnerability is not present when using mh-6.8.4-6 in RH
> 5. msgchk ends with
>
> msgchk: argument AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAA (2000 times) too long
This vulnerability has already been discussed here back in January.
The message by Cesar Tascon Alvarez <tascon@enete.gui.uva.es> that sparked
the discussion is available at
http://www.netspace.org/cgi-bin/wa?A2=ind9801C&L=bugtraq&D=&H=&T=&O=&F=&P=3374
mh-6.8.4-6 is not the version shipped with RedHat 5.0. Thats the fixed
version available in their errata page at
http://www.redhat.com/support/docs/rhl/rh50-errata-general.html#mh
> Grtz
> EJ
Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
