Re: buffer overflow in pine <= 4.21

To: debian-security@lists.debian.org
Subject: Re: buffer overflow in pine <= 4.21
From: "Thomas Gebhardt" <gebhardt@HRZ.Uni-Marburg.DE>
Date: Mon, 06 Nov 2000 09:54:03 +0100
Message-id: <[🔎] 200011060854.JAA04683@pcrz64.HRZ.Uni-Marburg.DE>
In-reply-to: erbenson's message of Fri, 03 Nov 2000 23:40:24 -0900. <[🔎] 20001103234024.S2367@plato.local.lan>

Hi,

> pine is riddled with buffer overflows, its considered unfixable
> without totally throwing away 100% of the code and starting over.  why
> would anyone do that when we have mutt which is a far superior and
> Free replacement.
> 
> try this:
> 
> (iirc)
> 
> $ export HOME=3D`perl -e 'print "a" x 10000'`
> 
> $ pine
> 
> it should segfault.  good indication of a buffer overflow there.

While this kind of buffer overflow is nasty, (as far as I can see)
from a security point of view it is rather harmless.

If you can get pine to execute arbitrary code just by sending a
malicous mail, that's really dangerous. 

Thomas

Reply to:

Follow-Ups:
- Re: buffer overflow in pine <= 4.21
  - From: Ethan Benson <erbenson@alaska.net>

References:
- Re: buffer overflow in pine <= 4.21
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: Configuring ssh
Next by Date: Re: Configuring ssh
Previous by thread: Re: buffer overflow in pine <= 4.21
Next by thread: Re: buffer overflow in pine <= 4.21
Index(es):
- Date
- Thread