Vulnerability Development mailing list archives

Re: pine overflow

From: Rodrigo Barbosa <rodrigob () tisbrasil com br>
Date: Fri, 22 Feb 2002 15:47:00 -0300

Tested with Conectiva Linux.

On Thu, Feb 21, 2002 at 07:56:42AM -0000, Andrei Tudorache wrote:

Here are some tests I've made in << PINE 4.21 >>.


pine-4.44L-1cl

[root@softly /root]# pine  -attach `perl -e 'print "A" x 
20429'`
Segmentation fault (core dumped)
[root@softly /root]#


core: ELF 32-bit LSB core file of 'pine' (signal 11), Intel 80386, version 1 (SYSV), from 'pine'

Veredict: Vulnerable.

Stupid question: Is there even a small chance of it being exploitable ?

[]s

-- 
 Rodrigo Barbosa                   - rodrigob at tisbrasil.com.br
 TIS                               - Belo Horizonte, MG, Brazil
 "Quis custodiet ipsos custodes?"  - http://www.tisbrasil.com.br/
 Brainbench Certified -> Transcript ID #3332104

Current thread:

pine overflow Andrei Tudorache (Feb 21)
- Re: pine overflow Jose Nazario (Feb 21)
- Re: pine overflow Rodrigo Barbosa (Feb 23)
  - Re: pine overflow Kurt Seifried (Feb 23)
- <Possible follow-ups>
- Re: pine overflow Wodahs Latigid (Feb 22)
- Re: pine overflow Wodahs Latigid (Feb 22)