[26289] in bugtraq
Denial of Service bug in Pine 4.44
daemon@ATHENA.MIT.EDU (Martin J. Muench)
Wed Jul 24 14:51:09 2002
Date: Wed, 24 Jul 2002 11:54:53 +0200 (CEST)
From: "Martin J. Muench" <mjm@codito.de>
To: bugtraq@securityfocus.com
Cc: vuln-dev@securityfocus.com
Message-ID: <20020724112653.A222-100000@amazeroth.mjmnet>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi,
while using pine I found a small bug which causes pine to crash.
When opening a MIME encoded mail with a blank boundary, pine
will crash.
The header looks like this:
...
Content-Type: multipart/mixed; boundary=""
Mime-Version: 1.0
...
This is no dangerous bug and you can simply delete the received
messages within pine.
Patch.
This is the explanation of the maintainers:
<quote>
As for a patch that fixes this problem, such a fix already exists. The
bug exists in the underlying c-client code, an update of which can be
obtained at ftp://ftp.cac.washington.edu/imap/imap-2002.RC2.tar.Z. The
contents of this file can be put in place of the "imap" directory in the
pine distribution, after which building pine will make use of the new
c-client code (consequently, you will need to change
SET_DISABLEAUTOMATICSHAREDNAMESPACES to SET_DISABLEAUTOSHAREDNS in
pine/pine.c).
</quote>
Martin J. Muench
www.codito.de
