On Thu, Jan 03, 2002 at 01:14:35AM +0000, Pete Ryland wrote: > On Thu, Jan 03, 2002 at 11:27:14AM +1100, Andrew Bennetts wrote: > > From looking at the patch for it, it looks like it is a buffer overflow in > > parsing addresses in headers. I think I read somewhere that it is only a > > 1 byte overflow, but still exploitable despite that. > > It didn't look exploitable at all IMHO.
I wouldn't have thought so either, but: http://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00000.html "Even though this is a one byte overflow this is exploitable." -Andrew. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
