Full Disclosure mailing list archives
Questions Regarding PINE Integer Overflow
From: "dragoneyes yep." <dragon_eyes1492 () yahoo com>
Date: Fri, 12 Sep 2003 18:08:56 -0700 (PDT)
Hi all. I have looked at the related code in PINEs source tree, and I am wondering about a few things relating to the PINE integer overflow. First, the signed integer n is supposed to be user controlled, but I am not completely sure yet how a user contorls the value of this variable. Also, it appears that exploit code would need to be placed in a MIME header (RFC 2231), yet I am unsure of how to go about constructing a fake header. I would be most appreactive to anyone who can help me with these issues or can offer any additional information about the bug itself. I am a novice and I have not been exploiting very long, so assistance would be most helpful. Cheers __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Questions Regarding PINE Integer Overflow dragoneyes yep. (Sep 12)