There's a buffer overflow on all Cobalt RaQs, most probably other Cobalt
products also, in /usr/bin/Mail. To recreate it, telnet in, run 'mail',
at the prompt enter t 0 (followed by manually entering 0 about two thousand
times - copying and pasting works), hit enter. Mail bombs. There also
appears to be an exploit kicking about for it.
It's not a huge problem because it requires an account on the RaQ, but
nevertheless will need patching at some point.
...
[gossi@owned gossi]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/gossi"
1 message 1 new
>N 1 [EMAIL PROTECTED] Sun Mar 4 07:23 18/998 "Message ("Your messag"
& t
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
<followed by several more lines of 0's>
0: Invalid message number
"Source" stack over-pop.
Segmentation fault (core dumped)
...
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security