Re: pine overflow

From: Rodrigo Barbosa (rodrigobat_private)
Date: Fri Feb 22 2002 - 10:47:00 PST

Next message: Alex Lambert: "Re: mIRC backdoors - an advanced overview"

Previous message: Donald Sharp: "Re: [Fwd: Help needed with bufferoverflow in cvs]"
In reply to: Andrei Tudorache: "pine overflow"
Next in thread: Kurt Seifried: "Re: pine overflow"
Reply: Kurt Seifried: "Re: pine overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tested with Conectiva Linux.

On Thu, Feb 21, 2002 at 07:56:42AM -0000, Andrei Tudorache wrote:
> Here are some tests I've made in << PINE 4.21 >>.

pine-4.44L-1cl

> [root@softly /root]# pine  -attach `perl -e 'print "A" x 
> 20429'`
> Segmentation fault (core dumped)
> [root@softly /root]#

core: ELF 32-bit LSB core file of 'pine' (signal 11), Intel 80386, version 1 (SYSV), from 'pine'

Veredict: Vulnerable.

Stupid question: Is there even a small chance of it being exploitable ?

[]s

-- 
 Rodrigo Barbosa                   - rodrigob at tisbrasil.com.br
 TIS 				   - Belo Horizonte, MG, Brazil
 "Quis custodiet ipsos custodes?"  - http://www.tisbrasil.com.br/
 Brainbench Certified -> Transcript ID #3332104

Next message: Alex Lambert: "Re: mIRC backdoors - an advanced overview"
Previous message: Donald Sharp: "Re: [Fwd: Help needed with bufferoverflow in cvs]"
In reply to: Andrei Tudorache: "pine overflow"
Next in thread: Kurt Seifried: "Re: pine overflow"
Reply: Kurt Seifried: "Re: pine overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Feb 23 2002 - 05:45:56 PST