On Mon, Feb 13, 2006 at 12:45:46PM +0100, Ulf Harnhammar wrote:
> > How is this not [potentially] exploitable?
>
> Well, because of the error message that it prints, and because of
> the way things look in gdb (if I remember correctly, it crashes in
> strtok() or some similar function). I've bee
> BTW, what is in ./metamail, rather than ./src/metamail/??
I don't know. I noticed that the source is included twice, but I haven't looked
into why that is the case. FWIW, if you just patch the source in src and not in
., the resulting binaries seem to be fixed.
> > I have found that metamail
tag 352482 security
thanks
On Sun, Feb 12, 2006 at 10:34:54AM +0100, Ulf Harnhammar wrote:
> Subject: metamail: crashes with very long boundaries in messages
> Package: metamail
> Version: 2.7-50
BTW, what is in ./metamail, rather than ./src/metamail/??
Is it a different source version?? It has,
Subject: metamail: crashes with very long boundaries in messages
Package: metamail
Version: 2.7-50
Severity: important
Tags: patch
Hello,
I have found that metamail crashes when processing messages with very long
boundaries. They cause a buffer overflow, which doesn't seem to be exploitable:
[E
4 matches
Mail list logo
