Bug#352482: metamail: crashes with very long boundaries in messages
> BTW, what is in ./metamail, rather than ./src/metamail/??
I don't know. I noticed that the source is included twice, but I haven't looked into why that is the case. FWIW, if you just patch the source in src and not in ., the resulting binaries seem to be fixed.
> > I have found that metamail crashes when processing messages with
> > very long boundaries. They cause a buffer overflow, which doesn't
> > seem to be exploitable:
> How is this not [potentially] exploitable?
Well, because of the error message that it prints, and because of the way things look in gdb (if I remember correctly, it crashes in strtok() or some similar function). I've been taught that this signifies not being exploitable, but I may be wrong.
What do the others in the Debian Security Audit Project think about this?
// Ulf
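The crash described in this thread comes from copying a boundary parameter into a buffer sized for a legal one without first checking the length. As an added illustration (not metamail's code, and the helper and function names are invented for this example), the following C shows the unchecked copy next to a version that validates the boundary against RFC 2046's 70-character limit and character set before touching the buffer:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* RFC 2046 section 5.1.1 limits a boundary to 70 characters. The buffers
 * below have room for exactly that plus the terminating NUL. */
#define MAX_BOUNDARY_LEN 70

/* Locate the boundary= parameter in a Content-Type header value.
 * On success returns a pointer into 'ct' at the first character of the
 * value and stores its length in *len (quotes stripped, otherwise up to
 * the next ';' or whitespace). Returns NULL if the parameter is absent.
 * Hypothetical helper written for this example, not metamail's parser. */
static const char *find_boundary_param(const char *ct, size_t *len)
{
    const char *p = strstr(ct, "boundary=");
    if (p == NULL)
        return NULL;
    p += strlen("boundary=");
    if (*p == '"') {
        const char *end = strchr(p + 1, '"');
        if (end == NULL)
            return NULL;
        *len = (size_t)(end - (p + 1));
        return p + 1;
    }
    size_t n = 0;
    while (p[n] != '\0' && p[n] != ';' && !isspace((unsigned char)p[n]))
        n++;
    *len = n;
    return p;
}

/* Unsafe pattern: 'out' is sized for a legal boundary, but nothing checks
 * that the message respects the limit, so a longer boundary overruns it.
 * Kept only to contrast with the checked version below. */
int extract_boundary_unsafe(const char *ct, char out[MAX_BOUNDARY_LEN + 1])
{
    size_t len;
    const char *v = find_boundary_param(ct, &len);
    if (v == NULL)
        return -1;
    memcpy(out, v, len);          /* overflow when len > MAX_BOUNDARY_LEN */
    out[len] = '\0';
    return 0;
}

/* Characters RFC 2046 permits in a boundary (space allowed, but not last). */
static int is_bchar(unsigned char c)
{
    return isalnum(c) || strchr("'()+_,-./:=? ", c) != NULL;
}

/* Hardened version: reject the parameter before copying if it is empty,
 * longer than the buffer, or contains characters the grammar forbids.
 * Returns 0 on success, -1 on rejection; the caller should then treat the
 * message as malformed rather than try to split it. */
int extract_boundary_safe(const char *ct, char out[MAX_BOUNDARY_LEN + 1])
{
    size_t len;
    const char *v = find_boundary_param(ct, &len);
    if (v == NULL || len == 0 || len > MAX_BOUNDARY_LEN)
        return -1;
    for (size_t i = 0; i < len; i++)
        if (!is_bchar((unsigned char)v[i]))
            return -1;
    if (v[len - 1] == ' ')        /* trailing space is not allowed */
        return -1;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

/* Build a constructed Content-Type value whose boundary is n 'a' characters
 * and report whether the checked parser accepts it (0) or rejects it (-1). */
int boundary_of_length_accepted(size_t n)
{
    char header[1024];
    char out[MAX_BOUNDARY_LEN + 1];
    if (n > 900)
        return -1;                /* keep the constructed header in bounds */
    int off = snprintf(header, sizeof header, "multipart/mixed; boundary=");
    memset(header + off, 'a', n);
    header[off + n] = '\0';
    return extract_boundary_safe(header, out);
}

int main(void)
{
    char out[MAX_BOUNDARY_LEN + 1];
    /* Constructed sample header with a legal boundary. */
    const char *ok = "multipart/mixed; boundary=\"=_part-01\"; charset=us-ascii";
    if (extract_boundary_safe(ok, out) == 0)
        printf("accepted boundary: %s\n", out);
    /* A 300-character boundary is refused instead of overrunning 'out'. */
    printf("300-char boundary accepted? %s\n",
           boundary_of_length_accepted(300) == 0 ? "yes" : "no");
    return 0;
}
```

The length check is what removes the crash; the character-set check is the extra validation a parser of untrusted mail wants, since a boundary that fails the grammar will never match a delimiter line anyway.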