/usr/bin/filter NLSPATH buffer overflow
Description: Standard buffer overflow; filter is sometimes setgid mail.
Author: Mikhail Iakovlev <miakovle@SN.NO>. Sploit by "Dmitry E. Kim" <jason@REDLINE.RU>
Compromise: group mail (local)
Vulnerable Systems: Systems with a vulnerable /usr/bin/filter installed setgid mail. Includes Slackware 3.1, possibly 3.0.
Date: 6 April 1997
Exploit:
Date: Sun, 6 Apr 1997 19:48:03 +0200
From: Mikhail Iakovlev
To: BUGTRAQ@NETSPACE.ORG
Subject: Linux - buffer overflow in filter
Hello everyone,
After reading the posting of jsn@redline.ru about the elm bug which gives gid
mail I just wanted to say some things about the /usr/bin/filter program which
is standard in all elm packages under slackware 3.1 (maybe in 3.0 as
well); it also has the suid bit on group mail. With the same parameters as
elm it has a buffer overflow. The same exploit posted here by jsn@redline.ru
works just fine.
Credits to jsn.
Best regards,
Mik-
[Note: The elm exploit wasn't posted, but is just standard buffer overflow code. Stick in NLSPATH environmental variable. --Fyodor]
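A defender-side check for the condition this advisory depends on, a copy of filter installed setgid mail, as an added example that is not part of the original posting. The function names and the default directory and group are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: find set-group-ID binaries (such as /usr/bin/filter
# installed setgid mail) and optionally strip the bit.
# Function names and defaults below are illustrative assumptions.

# List regular files under DIR that are setgid and owned by GROUP.
list_setgid() {
    find "$1" -type f -perm -2000 -group "$2" -print 2>/dev/null
}

# Succeed if FILE is a regular file with the setgid bit set.
is_setgid() {
    [ -f "$1" ] && [ -g "$1" ]
}

# Remove the setgid bit from FILE and confirm that it is gone.
drop_setgid() {
    is_setgid "$1" || return 0      # nothing to do
    chmod g-s "$1" || return 1
    ! is_setgid "$1"
}

# Print "SETGID <path>" for each match under DIR (default /usr/bin)
# owned by GROUP (default mail). With "fix" as the third argument,
# strip the bit and print "FIXED <path>" instead.
audit_setgid() {
    audit_dir=${1:-/usr/bin}
    audit_group=${2:-mail}
    audit_mode=${3:-report}
    audit_list=$(list_setgid "$audit_dir" "$audit_group")
    if [ -z "$audit_list" ]; then
        return 0
    fi
    printf '%s\n' "$audit_list" | while IFS= read -r f; do
        if [ "$audit_mode" = fix ] && drop_setgid "$f"; then
            echo "FIXED $f"
        else
            echo "SETGID $f"
        fi
    done
}
```

Run `audit_setgid /usr/bin mail` to report and `audit_setgid /usr/bin mail fix` as root to remove the bit; without the setgid bit an overflow in the program no longer yields group mail.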
This page is part of Fyodor's exploit
world.