Vulnerability Development mailing list archives
Re: pine overflow
From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Thu, 21 Feb 2002 13:54:25 -0500 (EST)
On 21 Feb 2002, Andrei Tudorache wrote:
Here are some tests I've made in << PINE 4.21 >>.
grab the latest pine sources. 4.21 is old.
-rwxr-xr-x 1 root root 2680348 Aug 24 2000 /usr/bin/pine
look and see if the newer version is vulnerable to this, and then see if you can craft an email from a remote user with such an absurdly long and malformed attachment name to remotely overflow it. that would be fun/interesting. ____________________________ jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu)
Current thread:
- pine overflow Andrei Tudorache (Feb 21)
- Re: pine overflow Jose Nazario (Feb 21)
- Re: pine overflow Rodrigo Barbosa (Feb 23)
- Re: pine overflow Kurt Seifried (Feb 23)
- <Possible follow-ups>
- Re: pine overflow Wodahs Latigid (Feb 22)
- Re: pine overflow Wodahs Latigid (Feb 22)