Vulnerability Development mailing list archives

Re: pine overflow

From: "Kurt Seifried" <bugtraq () seifried org>
Date: Sat, 23 Feb 2002 14:35:35 -0700

Stupid question: Is there even a small chance of it being exploitable ?


Based on pine's previous track record: yes.

A short list (there is more):

http://www.cert.org/advisories/CA-1998-09.html

http://www.linuxsecurity.com/advisories/slackware_advisory-1801.html

http://www.washington.edu/pine/changes/4.30-to-4.31.html
changelog entry: Fixed a few buffer overflow possibilities

grep the changelog for "buffer overflow". Yoikes.

[]s

-- 
 Rodrigo Barbosa                   - rodrigob at tisbrasil.com.br


Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF 
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html

Current thread:

pine overflow Andrei Tudorache (Feb 21)
- Re: pine overflow Jose Nazario (Feb 21)
- Re: pine overflow Rodrigo Barbosa (Feb 23)
  - Re: pine overflow Kurt Seifried (Feb 23)
- <Possible follow-ups>
- Re: pine overflow Wodahs Latigid (Feb 22)
- Re: pine overflow Wodahs Latigid (Feb 22)