Description: Standard buffer overflow in /usr/bin/filter (shipped with elm); filter is sometimes installed setgid mail.
Author: Mikhail Iakovlev <miakovle@SN.NO>. Sploit by "Dmitry E. Kim" <jason@REDLINE.RU>
Compromise: group mail (local)
Vulnerable Systems: Systems with a vulnerable /usr/bin/filter setgid mail. Includes Slackware 3.1, possibly 3.0.
Date: 6 April 1997
Date: Sun, 6 Apr 1997 19:48:03 +0200
From: Mikhail Iakovlev
Subject: Linux - buffer overflow in filter
After reading the posting of firstname.lastname@example.org about the elm bug which gives gid
mail, I just wanted to say some things about the /usr/bin/filter program, which
is standard in all elm packages under Slackware 3.1 (maybe in 3.0 as
well). It also has the suid bit on group mail. With the same parameters as
elm it has a buffer overflow. The same exploit posted here by email@example.com
works just fine.
Credits to jsn.
[Note: The elm exploit wasn't posted, but is just standard buffer overflow code. Stick it in the NLSPATH environment variable. --Fyodor]
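The following is an added illustration, not code from the posting and not the source of elm or filter. It shows the shape of the bug Fyodor's note points at (a set-id program copying an attacker-controlled environment variable such as NLSPATH into a fixed-size stack buffer) next to a hardened version. The buffer size, the function names, and the sample NLSPATH values are constructed for this example; the real filter binary's internals are not described on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define NLSPATH_MAX 256   /* buffer size chosen for this toy; an assumption */

/* The "before" pattern: an environment variable is copied into a fixed-size
 * stack buffer with no length check, so a value longer than the buffer runs
 * past it and onto the saved return address. This toy must never be fed
 * untrusted input; it exists only to show the shape of the bug. */
void vulnerable_load_catalog(const char *nlspath)
{
    char path[NLSPATH_MAX];
    strcpy(path, nlspath);   /* unbounded: overflows once strlen(nlspath) >= NLSPATH_MAX */
    /* ... a real program would now open a message catalog under path ... */
    (void)path;
}

/* Hardened version. Returns 0 and fills out[] on success, -1 otherwise.
 * privileged: the caller passes (getgid() != getegid() || getuid() != geteuid()),
 * i.e. whether the process runs with a set-id credential. When it does, the
 * environment is ignored entirely (the same policy glibc applies to NLSPATH in
 * set-id programs); otherwise the value is copied only if it fits. */
int safe_load_catalog(const char *nlspath, int privileged, char *out, size_t outlen)
{
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (privileged)              /* never honour caller environment when set-id */
        return -1;
    if (nlspath == NULL)
        return -1;
    /* Bounded scan: find the terminator within outlen bytes or reject. */
    const char *end = memchr(nlspath, '\0', outlen);
    if (end == NULL)             /* no terminator within the buffer size: too long */
        return -1;
    size_t n = (size_t)(end - nlspath);
    memcpy(out, nlspath, n + 1); /* n < outlen here, so the terminator fits */
    return 0;
}

/* Wrapper that reads the real environment and computes the privilege flag
 * the way a setgid program such as filter should. */
int load_catalog_from_env(char *out, size_t outlen)
{
    int privileged = (getgid() != getegid()) || (getuid() != geteuid());
    return safe_load_catalog(getenv("NLSPATH"), privileged, out, outlen);
}

int main(void)
{
    char buf[NLSPATH_MAX];
    /* Constructed input: an oversized NLSPATH like the one an exploit would set. */
    size_t evil_len = 4 * NLSPATH_MAX;
    char *evil = malloc(evil_len);
    if (evil == NULL)
        return 1;
    memset(evil, 'A', evil_len - 1);
    evil[evil_len - 1] = '\0';

    printf("short value accepted: %d\n",
           safe_load_catalog("/usr/share/locale/%L/%N", 0, buf, sizeof buf));
    printf("oversized value rejected: %d\n",
           safe_load_catalog(evil, 0, buf, sizeof buf));
    printf("value ignored when set-id: %d\n",
           safe_load_catalog("/tmp/x", 1, buf, sizeof buf));
    printf("from real environment: %d\n", load_catalog_from_env(buf, sizeof buf));
    free(evil);
    return 0;
}
```

The two checks are independent: the length check stops the overflow, and the privilege check stops a set-id binary from trusting any caller-supplied search path at all, which is the defence that would have closed this particular vector even if the copy had been bounded.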
This page is part of Fyodor's exploit