On Tue, Aug 11, 1998 at 06:06:53PM -0600, Andrew Kelley wrote:
The CERT advisory (avail. at:
http://www.cert.org/advisories/CA-98.10.mime_buffer_overflows.html
says that only MIME aware mail clients are affected by this bug. Procmail
is not MIME aware (in some cases, it would be nice if it was), so I assume
that it is not affected. Am I missing something?
Regards,
Andrew
P.S. I think I am not missing something, since the CERT advisory suggests
using John Hardin's filters to *avoid* the problem.
No you aren't missing anything, but I saw a note somewhere (gah, too much
e-mail I can't keep up with it), from someone who thought there was
typical functions called in procmail that could lend themselves to
buffer overflows, which was brought on by the MIME discussion. I thought
that was on BUGTRAQ but I can't find it in the archive now.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dale Harris <rodmur(_at_)csuchico(_dot_)edu> PGP KeyID: E26EC5FD
http://www.ecst.csuchico.edu/~rodmur/
|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|+|