procmail heap overflow

Type securityvulns
Reporter Securityvulns
Modified 2002-06-19T00:00:00



i found a heap overflow in procmail (up until latest) some time ago.

flatline@intra:/usr/bin$ ls -la procmail -rwsr-xr-x 1 root mail 64344 Jun 3 2001 procmail* flatline@intra:/usr/bin$ ./procmail `perl -e '{print "A"x10240}'`=A procmail: Exceeded LINEBUF Segmentation fault flatline@intra:/usr/bin$

at first it seemed to properly drop privs before segging, but not too long ago i managed to make it crash while it still had euid 0. segfaults have been seen on red hat/slackware linux and bsd variants. successful exploitation has not been verified.

/ flatline

greets fly out to fc, zeno, xistence, thewolf, #gold, #!xpc and everyone who felt left out.