Re: [Full-disclosure] mutt buffer overflow
From: Frank Denis (Jedi/Sector One) (j_at_pureftpd.org)
Date: 08/18/05
- Previous message: Ratnakumar C H: "Re: [Full-disclosure] Internet Explorer 0-Day"
- In reply to: Peter Valchev: "[Full-disclosure] mutt buffer overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 18 Aug 2005 12:39:45 +0159 To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Peter,
On Thu, Aug 18, 2005 at 02:57:33AM -0600, Peter Valchev wrote:
>The problem is in the mutt attachment/encoding/decoding functions,
>specifically handler.c:mutt_decode_xbit() and the buffer
>bufi[BUFI_SIZE].
Can you reproduce this if you recompile libiconv/gettext/mutt?
I reported that bug on Jul 12, but in fact it only happened with
libiconv/gettext compiled against an OpenBSD libc before the mb*() changes,
but then running libc 38.2.
An easier way to trigger this is ftp://ftp.00f.net/misc/mutt-crash-poc.mbox
But the mutt's code doesn't actually look wrong.
Best regards,
-Frank.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Ratnakumar C H: "Re: [Full-disclosure] Internet Explorer 0-Day"
- In reply to: Peter Valchev: "[Full-disclosure] mutt buffer overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
