On Fri, Nov 03, 2000 at 06:15:16PM +0100, Robert Varga wrote:
>
> is the debianized pine4.21 vulnerable to the long From address buffer
> overflow vulnerability, which is corrected in 4.30 upstream?
pine is riddled with buffer overflows, its considered unfixable
without totally throwing away 100% of the code and starting over. why
would anyone do that when we have mutt which is a far superior and
Free replacement.
try this:
(iirc)
$ export HOME=`perl -e 'print "a" x 10000'`
$ pine
it should segfault. good indication of a buffer overflow there.
if you won't apt-get --purge remove pine remove the setgid bit. pine
appears to function without it. but that is no protection for users
who choose to use it.
best advice: switch to mutt. you can configure mutt to act like
pine.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
