From owner-freebsd-isp  Tue Sep  1 21:49:58 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA06696
          for freebsd-isp-outgoing; Tue, 1 Sep 1998 21:49:58 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from rainey.blueneptune.com (rainey.blueneptune.com [209.133.45.253])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA06689
          for <freebsd-isp@freebsd.org>; Tue, 1 Sep 1998 21:49:54 -0700 (PDT)
          (envelope-from michael@rainey.blueneptune.com)
Received: (from michael@localhost)
	by rainey.blueneptune.com (8.8.8/8.8.7) id VAA17358;
	Tue, 1 Sep 1998 21:38:26 -0700 (PDT)
	(envelope-from michael)
Message-Id: <199809020438.VAA17358@rainey.blueneptune.com>
Subject: Re: procmail (was Re: qmail/ezmlm)
In-Reply-To: <Pine.BSF.3.96.980902152834.1035A-100000@aniwa.sky> from Andrew McNaughton at "Sep 2, 98 03:44:29 pm"
To: freebsd-isp@FreeBSD.ORG
Date: Tue, 1 Sep 1998 21:38:26 -0700 (PDT)
Cc: andrew@squiz.co.nz
From: michael@blueneptune.com
Reply-To: michael@blueneptune.com
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


I tried the following using version 3.11pre7 of procmail, under
FreeBSD 2.2.6, and did not see any corruption.  It just said it
couldn't open the file, and exited normally.

> I haven't yet seen exploit code, but evidence of probable exploitability
> was tacked onto stuff about mincom in a BUGTRAQ item on monday.  I've
> confirmed that the registers get corrupted in my version of procmail
> (3.11) under FreeBSD (2.2.5).
> 
> --------------- Forwarded message follows ----------------
> [...]
> 
> woozle:~> gdb ./procmail
> [...]
> (gdb)  r `perl -e 'print "A" x 5000'`
> Starting program: /home/emsi/./procmail `perl -e 'print "A" x 5000'`
> 
> [You need to type ^D here!!!]
> 
> procmail: Couldn't create "/var/spool/mail/emsi"
> (no debugging symbols found)...(no debugging symbols found)...
> Program received signal SIGSEGV, Segmentation fault.

-- 
Michael Bryan
michael@blueneptune.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message