Bugtraq mailing list archives
Re: another remote pine vunerability
From: prj () nls net (Phillip R. Jaenke)
Date: Thu, 18 Jun 1998 14:46:00 -0400
On Wed, 17 Jun 1998, Michal Zalewski wrote:
Recently I found silly remote overflow in pine. It's so simple there's no need to describe it: From: Michal Zalewski <lcamtuf@AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA From: Nemo <mnemonix () GLOBALNET CO UK>
AAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAA> ...and any attempt of reading this mail will cause: Program received signal SIGSEGV, Segmentation fault. 0x41414141 in ?? ()
Also, attempting to so much as download *THIS* email I'm quoting here will cause a panic in 'popclient.' pine is fine, but popclient can't retrieve email past this message.
RETR 9
+OK 3897 octets. (56 lines of message content)
DELE 1094795585
doPOP3: cleanUp: Bad file descriptor The only way to get rid of the offending message is by hand. I'd say we've stumbled on to something that could be rather painful. --Phillip R. Jaenke (prj () nls net - InterNIC: PRJ5) Head Geek, Linux@Comdex Project - http://comdex.linuxos.org/ TheGuyInCharge(tm), Ketyra Designs, Inc. "For every step I take, I find somebody stepping on my heels." --anonymous "That's IT! I'm gonna slap Dr.Watson with a malpractice suit!!" --Keihra ! I reserve the right to bill spammers for my time and disk space !
Current thread:
- Bind 4.9.6 ~ Current | X86 Exploit System Administrator (Jun 16)
- <Possible follow-ups>
- Re: Bind 4.9.6 ~ Current | X86 Exploit Sebastian Schoenberg (Jun 17)
- another remote pine vunerability Michal Zalewski (Jun 17)
- Re: another remote pine vunerability Phillip R. Jaenke (Jun 18)
- Re: another remote pine vunerability frank () sun01 ccii unipi it (Jun 18)
- Re: another remote pine vunerability Olivier Crete (Jun 18)
- Re: another remote pine vunerability Jason H. Reeves (Jun 18)
- Re: another remote pine vunerability Joan Garcia i Silano (Jun 18)
- another remote pine vunerability Michal Zalewski (Jun 17)
- Re: Bind 4.9.6 ~ Current | X86 Exploit Valentin Pavlov (Jun 18)