On Fri, Nov 03, 2000 at 06:15:16PM +0100, Robert Varga wrote: > > is the debianized pine4.21 vulnerable to the long From address buffer > overflow vulnerability, which is corrected in 4.30 upstream? pine is riddled with buffer overflows, its considered unfixable without totally throwing away 100% of the code and starting over. why would anyone do that when we have mutt which is a far superior and Free replacement. try this: (iirc) $ export HOME=`perl -e 'print "a" x 10000'` $ pine it should segfault. good indication of a buffer overflow there. if you won't apt-get --purge remove pine remove the setgid bit. pine appears to function without it. but that is no protection for users who choose to use it. best advice: switch to mutt. you can configure mutt to act like pine. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpz87NDdZKW0.pgp
Description: PGP signature