
Re: buffer overflow in pine <= 4.21


> pine is riddled with buffer overflows, it's considered unfixable
> without totally throwing away 100% of the code and starting over.  why
> would anyone do that when we have mutt which is a far superior and
> Free replacement.
> try this:
> (iirc)
> $ export HOME=`perl -e 'print "a" x 10000'`
> $ pine
> it should segfault.  good indication of a buffer overflow there.

While this kind of buffer overflow is nasty, (as far as I can see)
from a security point of view it is rather harmless.

If you can get pine to execute arbitrary code just by sending a
malicious mail, that's really dangerous.

