On 21 Feb 2002, Andrei Tudorache wrote: > Here are some tests I've made in << PINE 4.21 >>. grab the latest pine sources. 4.21 is old. > -rwxr-xr-x 1 root root 2680348 Aug 24 > 2000 /usr/bin/pine look and see if the newer version is vulnerable to this, and then see if you can craft an email from a remote user with such an absurdly long and malformed attachment name to remotely overflow it. that would be fun/interesting. ____________________________ jose nazario joseat_private PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu)
This archive was generated by hypermail 2b30 : Thu Feb 21 2002 - 11:36:39 PST