
Bug#352482: metamail: crashes with very long boundaries in messages

> BTW, what is in ./metamail, rather than ./src/metamail/??

I don't know. I noticed that the source is included twice, but I haven't looked into why that is the case. FWIW, if you just patch the source in src and not in ., the resulting binaries seem to be fixed.

> > I have found that metamail crashes when processing messages with
> > very long boundaries. They cause a buffer overflow, which doesn't
> > seem to be exploitable:

> How is this not [potentially] exploitable?

Well, because of the error message that it prints, and because of the way things look in gdb (if I remember correctly, it crashes in strtok() or some similar function).  I've been taught that this signifies not being exploitable, but I may be wrong.

What do the others in the Debian Security Audit Project think about this?

// Ulf
