Vulnerability Development mailing list archives

Re: pine overflow

From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Thu, 21 Feb 2002 13:54:25 -0500 (EST)

On 21 Feb 2002, Andrei Tudorache wrote:

Here are some tests I've made in << PINE 4.21 >>.


grab the latest pine sources. 4.21 is old.

-rwxr-xr-x    1 root     root      2680348 Aug 24
2000 /usr/bin/pine


look and see if the newer version is vulnerable to this, and then see if
you can craft an email from a remote user with such an absurdly long and
malformed attachment name to remotely overflow it. that would be
fun/interesting.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

Current thread:

pine overflow Andrei Tudorache (Feb 21)
- Re: pine overflow Jose Nazario (Feb 21)
- Re: pine overflow Rodrigo Barbosa (Feb 23)
  - Re: pine overflow Kurt Seifried (Feb 23)
- <Possible follow-ups>
- Re: pine overflow Wodahs Latigid (Feb 22)
- Re: pine overflow Wodahs Latigid (Feb 22)