fetchmail-friends

[fetchmail][PATCH] Security fix for buffer overflow on rfc822.c(nxtaddr)

2001-06-11 23:03:35
There's a nasty little buffer overflow in rfc822.c; it is triggered by
headers longer than 512 characters, and appears to be quite exploitable.

Patch attached. Refers to Debian bug # 100394. This bug has been there
sleeping for a VERY long time... back to 5.5.3 at the very least (unless
some other code avoided calling nxtaddr in long headers back then... I
didn't check).

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Attachment: patch
Description: Text document

Attachment: pgpGitDmlQZFR.pgp
Description: PGP signature
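
The bug class described in the message, as an added example that is not part of the original post and is not fetchmail's code: a simplified comma-splitting address scanner that copies each address into a fixed buffer and refuses tokens that do not fit. The 512-byte size is an assumption taken from the 512-character threshold in the report, `addr_scan` and its functions are hypothetical names, and RFC 822 quoting and comments are ignored.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ADDR_BUF_SIZE 512   /* assumed from the reported 512-character limit */

/* Hypothetical scanner state; not fetchmail's actual data structure. */
struct addr_scan {
    const char *pos;            /* next unread byte of the header body */
    char addr[ADDR_BUF_SIZE];   /* current address, always NUL-terminated */
};

void addr_scan_init(struct addr_scan *s, const char *hdr)
{
    s->pos = hdr;
    s->addr[0] = '\0';
}

/* Copy the next comma-separated address into s->addr.
 * Returns 1 on success, 0 at end of header, -1 if the address does not fit.
 * An oversized token is consumed and discarded so scanning can continue. */
int addr_scan_next(struct addr_scan *s)
{
    size_t n = 0;
    int too_long = 0;

    while (*s->pos == ' ' || *s->pos == '\t' || *s->pos == ',')
        s->pos++;
    if (*s->pos == '\0')
        return 0;
    for (; *s->pos != '\0' && *s->pos != ','; s->pos++) {
        if (n + 1 < sizeof s->addr)   /* keep one byte for the terminator */
            s->addr[n++] = *s->pos;
        else
            too_long = 1;             /* an unchecked store here is the overflow */
    }
    s->addr[too_long ? 0 : n] = '\0'; /* fail closed: no truncated address */
    return too_long ? -1 : 1;
}

int main(void)
{
    struct addr_scan s;
    int rc;
    addr_scan_init(&s, "a@example.org, b@example.org");  /* constructed input */
    while ((rc = addr_scan_next(&s)) != 0)
        printf("%d %s\n", rc, s.addr);
    return 0;
}
```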
