From owner-freebsd-isp  Tue Sep  1 22:27:13 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA13002
          for freebsd-isp-outgoing; Tue, 1 Sep 1998 22:27:13 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from aniwa.sky (aniwa.actrix.gen.nz [203.96.56.186])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA12986
          for <freebsd-isp@freebsd.org>; Tue, 1 Sep 1998 22:27:09 -0700 (PDT)
          (envelope-from andrew@squiz.co.nz)
Received: from localhost (andrew@localhost)
	by aniwa.sky (8.8.7/8.8.7) with SMTP id RAA03934;
	Wed, 2 Sep 1998 17:25:55 +1200 (NZST)
	(envelope-from andrew@squiz.co.nz)
Date: Wed, 2 Sep 1998 17:25:55 +1200 (NZST)
From: Andrew McNaughton <andrew@squiz.co.nz>
X-Sender: andrew@aniwa.sky
Reply-To: andrew@squiz.co.nz
To: michael@blueneptune.com
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: procmail (was Re: qmail/ezmlm)
In-Reply-To: <199809020438.VAA17358@rainey.blueneptune.com>
Message-ID: <Pine.BSF.3.96.980902172413.1035D-100000@aniwa.sky>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Try increasing the ammount of input.  I used 15000 rather than the 5000
used by the author of the original post.

Andrew



On Tue, 1 Sep 1998 michael@blueneptune.com wrote:

> I tried the following using version 3.11pre7 of procmail, under
> FreeBSD 2.2.6, and did not see any corruption.  It just said it
> couldn't open the file, and exited normally.
> 
> > I haven't yet seen exploit code, but evidence of probable exploitability
> > was tacked onto stuff about mincom in a BUGTRAQ item on monday.  I've
> > confirmed that the registers get corrupted in my version of procmail
> > (3.11) under FreeBSD (2.2.5).
> > 
> > --------------- Forwarded message follows ----------------
> > [...]
> > 
> > woozle:~> gdb ./procmail
> > [...]
> > (gdb)  r `perl -e 'print "A" x 5000'`
> > Starting program: /home/emsi/./procmail `perl -e 'print "A" x 5000'`
> > 
> > [You need to type ^D here!!!]
> > 
> > procmail: Couldn't create "/var/spool/mail/emsi"
> > (no debugging symbols found)...(no debugging symbols found)...
> > Program received signal SIGSEGV, Segmentation fault.
> 
> -- 
> Michael Bryan
> michael@blueneptune.com
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message