Re: buffer overflow in pine <= 4.21

To: Thomas Gebhardt <gebhardt@HRZ.Uni-Marburg.DE>
Cc: debian-security@lists.debian.org
Subject: Re: buffer overflow in pine <= 4.21
From: Ethan Benson <erbenson@alaska.net>
Date: Mon, 6 Nov 2000 07:10:14 -0900
Message-id: <[🔎] 20001106071014.N2367@plato.local.lan>
In-reply-to: <[🔎] 200011060854.JAA04683@pcrz64.HRZ.Uni-Marburg.DE>; from gebhardt@HRZ.Uni-Marburg.DE on Mon, Nov 06, 2000 at 09:54:03AM +0100
References: <[🔎] 20001103234024.S2367@plato.local.lan> <[🔎] 200011060854.JAA04683@pcrz64.HRZ.Uni-Marburg.DE>

On Mon, Nov 06, 2000 at 09:54:03AM +0100, Thomas Gebhardt wrote:

> > it should segfault.  good indication of a buffer overflow there.
> 
> While this kind of buffer overflow is nasty, (as far as I can see)
> from a security point of view it is rather harmless.

not if the program is question is setuid or setgid, in those cases a
user may be able to exploit the overflow to obtain elevated
privileges.   note that the .debs created by the debian pine-src
packages install pine setgid mail (uncessarily AFAICT).

> If you can get pine to execute arbitrary code just by sending a
> malicous mail, that's really dangerous. 

indeed.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpLMyPItlbBF.pgp
Description: PGP signature

Reply to:

References:
- Re: buffer overflow in pine <= 4.21
  - From: Ethan Benson <erbenson@alaska.net>
- Re: buffer overflow in pine <= 4.21
  - From: "Thomas Gebhardt" <gebhardt@HRZ.Uni-Marburg.DE>

Prev by Date: Re: Configuring ssh
Next by Date: Re: Problem with inetd and exim.
Previous by thread: Re: buffer overflow in pine <= 4.21
Next by thread: nss-ldap security bug
Index(es):
- Date
- Thread