[27795] in bugtraq
Re: Remote pine Denial of Service
daemon@ATHENA.MIT.EDU (Erik Parker)
Sat Nov 9 12:29:35 2002
Date: Sat, 9 Nov 2002 01:56:42 -0600 (CST)
From: Erik Parker <eparker@mindsec.com>
To: Linus Sjöberg <lsjoberg@aland.net>
In-Reply-To: <Pine.GSO.4.44.0211071053270.28183-100000@mindsec.com>
Message-ID: <Pine.GSO.4.44.0211090155030.12792-100000@mindsec.com>
I take that back.. This DOES test positive on Solaris 8 x86, however not in
the inbox for some reason..
If you have the message in your sent-mail, it dumps pine with:
12758: lseek(6, 9616959, SEEK_SET) = 9616959
12758: read(6, " D a t e : T h u , 7".., 584) = 584
12758: Incurred fault #6, FLTBOUNDS %pc = 0xDF9C636A
12758: siginfo: SIGSEGV SEGV_MAPERR addr=0x73646E71
12758: Received signal #11, SIGSEGV [caught]
12758: siginfo: SIGSEGV SEGV_MAPERR addr=0x73646E71
12758: sigaction(SIGILL, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGTRAP, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGEMT, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGBUS, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGSEGV, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGSYS, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGWINCH, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGQUIT, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGTSTP, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGHUP, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGALRM, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGTERM, 0x08045ADC, 0x08045B30) = 0
12758: sigaction(SIGINT, 0x08045ADC, 0x08045B30) = 0
12758: time() = 1036828313
12758: time() = 1036828313
12758: Incurred fault #6, FLTBOUNDS %pc = 0xDF9C5B67
12758: siginfo: SIGSEGV SEGV_MAPERR addr=0x00006D6F
12758: Received signal #11, SIGSEGV [default]
12758: siginfo: SIGSEGV SEGV_MAPERR addr=0x00006D6F
12758: *** process killed ***
---
Erik Parker
---
> Erik Parker (eparker@mindsec.com) composed on Nov 7, 2002:
>
> Tests positive on Redhat 7.3, False on Solaris x86
>
>
> > Linus Sjöberg (lsjoberg@aland.net) composed today:
>
> > Security Advisory
> >
> > 23rd October 2002
> >
> > Remote pine version 4.44 denial of service
> >
> > Name: Pine version 4.44
> > Arch: Redhat 7.2 i386
> > Severity: Medium
> > Vendor URL: http://www.washington.edu/pine/
> > Author: Linus Sjöberg (lsjoberg@aland.net)
> > Vendor notified: 14:th October 2002
> > Vendor response: 14:th October 2002
> > Vendor fix: ??????
>
>
>
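
Added example (not part of the original message, the advisory, or Pine): a small Python triage helper that extracts the fault records from truss output like the trace above and renders each fault address as little-endian bytes. Both addresses in this trace decode to printable ASCII, which in crash triage usually points to a pointer overwritten with text data; that reading is an inference, not something the post states. The function names are hypothetical and the sample is the fault lines copied from the message.

```python
import re

# Constructed sample: fault lines copied from the truss trace in the message above.
SAMPLE_TRACE = """\
12758: Incurred fault #6, FLTBOUNDS %pc = 0xDF9C636A
12758: siginfo: SIGSEGV SEGV_MAPERR addr=0x73646E71
12758: Received signal #11, SIGSEGV [caught]
12758: siginfo: SIGSEGV SEGV_MAPERR addr=0x73646E71
12758: Incurred fault #6, FLTBOUNDS %pc = 0xDF9C5B67
12758: siginfo: SIGSEGV SEGV_MAPERR addr=0x00006D6F
12758: Received signal #11, SIGSEGV [default]
12758: siginfo: SIGSEGV SEGV_MAPERR addr=0x00006D6F
"""

FAULT_RE = re.compile(r"^(\d+):\s+Incurred fault #\d+, (\w+)\s+%pc = 0x([0-9A-Fa-f]+)")
ADDR_RE = re.compile(r"^(\d+):\s+siginfo: (\w+) (\w+) addr=0x([0-9A-Fa-f]+)")


def ascii_view(addr, width=4):
    """Little-endian (x86) bytes of addr as text if all printable ASCII, else None."""
    raw = addr.to_bytes(width, "little").rstrip(b"\x00")
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def parse_faults(trace):
    """Pair each 'Incurred fault' line with the siginfo line that follows it."""
    faults, pending = [], None
    for line in trace.splitlines():
        m = FAULT_RE.match(line)
        if m:
            pending = {"pid": int(m.group(1)), "fault": m.group(2),
                       "pc": int(m.group(3), 16)}
            continue
        m = ADDR_RE.match(line)
        if m and pending and int(m.group(1)) == pending["pid"]:
            addr = int(m.group(4), 16)
            pending.update(signal=m.group(2), code=m.group(3), addr=addr,
                           addr_ascii=ascii_view(addr))
            faults.append(pending)
            pending = None
    return faults


if __name__ == "__main__":
    for f in parse_faults(SAMPLE_TRACE):
        print(f"pid {f['pid']} {f['signal']}/{f['code']} pc=0x{f['pc']:08X} "
              f"addr=0x{f['addr']:08X} ascii={f['addr_ascii']!r}")
```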