Bug#352482: metamail: crashes with very long boundaries in messages

To: "Justin Pryzby" <justinpryzby@users.sourceforge.net>, 352482@bugs.debian.org, debian-audit@shellcode.org
Subject: Bug#352482: metamail: crashes with very long boundaries in messages
From: "Ulf Harnhammar" <metaur@operamail.com>
Date: Mon, 13 Feb 2006 12:45:46 +0100
Message-id: <[🔎] 20060213114546.EDFF043842@ws5-1.us4.outblaze.com>
Reply-to: "Ulf Harnhammar" <metaur@operamail.com>, 352482@bugs.debian.org

> BTW, what is in ./metamail, rather than ./src/metamail/??

I don't know. I noticed that the source is included twice, but I haven't looked into why that is the case. FWIW, if you just patch the source in src and not in ., the resulting binaries seem to be fixed.

> > I have found that metamail crashes when processing messages with
> > very long boundaries. They cause a buffer overflow, which doesn't
> > seem to be exploitable:

> How is this not [potentially] exploitable?

Well, because of the error message that it prints, and because of the way things look in gdb (if I remember correctly, it crashes in strtok() or some similar function).  I've been taught that this signifies not being exploitable, but I may be wrong.

What do the others in the Debian Security Audit Project think about this?

// Ulf



-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 8 at http://www.opera.com

Powered by Outblaze

Reply to:

Follow-Ups:
- Bug#352482: [Debian-audit] Re: Bug#352482: metamail: crashes with very long boundaries in messages
  - From: Max Vozeler <xam@debian.org>

Prev by Date: Processed: found
Next by Date: Bug#352482: [Debian-audit] Re: Bug#352482: metamail: crashes with very long boundaries in messages
Previous by thread: Bug#352482: marked as done (metamail: [CVE-2006-0709] crashes with very long boundaries in messages)
Next by thread: Bug#352482: [Debian-audit] Re: Bug#352482: metamail: crashes with very long boundaries in messages
Index(es):
- Date
- Thread