[16958] in bugtraq


cvs commit: ports/mail/pine4 Makefile (fwd)

daemon@ATHENA.MIT.EDU (Kris Kennaway)
Fri Sep 29 12:13:11 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSF.4.21.0009290030170.63575-100000@freefall.freebsd.org>
Date:         Fri, 29 Sep 2000 00:33:31 -0700
Reply-To: Kris Kennaway <kris@FREEBSD.ORG>
From: Kris Kennaway <kris@FREEBSD.ORG>
X-To:         security@freebsd.org
To: BUGTRAQ@SECURITYFOCUS.COM

It almost killed me to see this:

mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l
    4299

Don't use pine - I don't believe it is practical to make it secure. :-(

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>

---------- Forwarded message ----------
Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/mail/pine4 Makefile

kris        2000/09/29 00:28:48 PDT

  Modified files:
    mail/pine4           Makefile
  Log:
  Mark FORBIDDEN: known buffer overflows exploitable by remote email.

  Parenthetically, no software which uses 4299 sprintf/strcpy/strcat
  calls can possibly be safe - I don't expect to remove this FORBIDDEN
  tag any time soon. :-(

  Revision  Changes    Path
  1.43      +3 -1      ports/mail/pine4/Makefile
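
The `egrep ... | wc -l` figure in the message counts matching lines, and a substring match also hits longer identifiers that contain one of the names. As an added example (not part of the original post or the FreeBSD commit), the following counts call sites per function instead; the function names `count_unbounded_calls` and `demo` and the sample C file are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-function call-site counts for sprintf/strcpy/strcat.
# Comments and string literals are not excluded, so treat this as an upper bound.

# Usage: count_unbounded_calls DIR  ->  "<function> <count>" lines, then "total <count>"
count_unbounded_calls() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) -exec cat {} + |
    awk '
        BEGIN { n = split("sprintf strcpy strcat", fn, " ") }
        {
            padded = " " $0   # guarantees a character before a name at line start
            for (i = 1; i <= n; i++) {
                # Whole identifier followed by "(": my_strcat( is not counted.
                re = "[^A-Za-z0-9_]" fn[i] "[ \t]*\\("
                line = padded
                while (match(line, re)) {
                    count[fn[i]]++
                    # Resume at the "(" so a nested call is still seen.
                    line = substr(line, RSTART + RLENGTH - 1)
                }
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                printf "%s %d\n", fn[i], count[fn[i]]
                total += count[fn[i]]
            }
            printf "total %d\n", total
        }'
}

# Constructed sample input, written to a temporary directory and scanned.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sample.c" <<'EOF'
/* constructed sample */
void f(char *d, const char *s, size_t n) {
    strcpy(d, s);
    snprintf(d, n, "%s", s);
    sprintf(d, "%s", s);
    strcat(strcpy(d, s), s);
    my_strcat (d, s);
}
EOF
    count_unbounded_calls "$d"
    rm -rf "$d"
}

demo
```

On the constructed sample the line-based `egrep` from the message would report 4 matching lines, while this reports 4 call sites with a different composition: the nested `strcpy` is counted and `my_strcat` is not.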
