Re: procmail / Sendmail - five bugs

2000-01-13 Thread Gregory Neil Shapiro
lcamtuf> a) Sendmail (tested with 8.9.3 and previous) allows you to put lcamtuf> mail addressed to eg. '|/bin/sh' (or any file) into mail lcamtuf> queue. Fortunately, this queue file should contain also line lcamtuf> like 'Croot' to be processed properl

Re: procmail / Sendmail - five bugs

1999-12-27 Thread Michal Zalewski
On Tue, 21 Dec 1999, Rob Jones wrote: > with or without these double-quotes the message is immediately dropped > on redhat linux with the message Oops! Yes, apparently this problem affects all versions of Sendmail, but only with .cf file left from 8.8.x or previous releases. In fact, obsolete .c

Re: procmail / Sendmail - five bugs

1999-12-23 Thread Casper Dik
>a) On some glibc 2.0 machines (eg. RedHat), malloc(negative_integer) won't >result in EINVAL, but with valid pointer, for which malloc_usable_size() >returns size of 12 bytes. Heap overflows possible? Hmm, at least SEGVs in >procmail :) On a pedantic note: it is not possible to call a standard

Re: procmail / Sendmail - five bugs

1999-12-21 Thread Rob Jones
> a) Sendmail (tested with 8.9.3 and previous) allows you to put mail >addressed to eg. '|/bin/sh' (or any file) into mail queue. Fortunately, >this queue file should contain also line like 'Croot' to be processed >properly, while we have no idea how to put it there. But, anyway, >

procmail / Sendmail - five bugs

1999-12-20 Thread Michal Zalewski
Hope you won't be angry for cross-post?:) This mail discusses five interesting vulnerabilities in Berkeley Sendmail and 'procmail' utility, I think it's good to let you know - but don't panic - at least for now, we are too lazy and we have no idea if any of these holes can be exploited - that's wh