Re: pine overflow

From: Jose Nazario (joseat_private)
Date: Thu Feb 21 2002 - 10:54:25 PST

Next message: Wodahs Latigid: "Re: slocate bug."

Previous message: Rodrigo Barbosa: "Re: slocate bug."
In reply to: Andrei Tudorache: "pine overflow"
Next in thread: Wodahs Latigid: "Re: pine overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 21 Feb 2002, Andrei Tudorache wrote:

> Here are some tests I've made in << PINE 4.21 >>.

grab the latest pine sources. 4.21 is old.

> -rwxr-xr-x    1 root     root      2680348 Aug 24
> 2000 /usr/bin/pine

look and see if the newer version is vulnerable to this, and then see if
you can craft an email from a remote user with such an absurdly long and
malformed attachment name to remotely overflow it. that would be
fun/interesting.

____________________________
jose nazario						     joseat_private
	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

Next message: Wodahs Latigid: "Re: slocate bug."
Previous message: Rodrigo Barbosa: "Re: slocate bug."
In reply to: Andrei Tudorache: "pine overflow"
Next in thread: Wodahs Latigid: "Re: pine overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 21 2002 - 11:36:39 PST