[CrackMonkey] Another nail in the Pine coffin
Don Marti
dmarti at zgp.org
Fri Sep 29 09:26:22 PDT 2000
----- Forwarded message from Kris Kennaway <kris at FREEBSD.ORG> -----
Date: Fri, 29 Sep 2000 00:33:31 -0700
From: Kris Kennaway <kris at FREEBSD.ORG>
Subject: cvs commit: ports/mail/pine4 Makefile (fwd)
To: BUGTRAQ at SECURITYFOCUS.COM
Delivered-To: dmarti at zgp.org
Approved-By: aleph1 at SECURITYFOCUS.COM
Delivered-To: bugtraq at lists.securityfocus.com
Delivered-To: bugtraq at securityfocus.com
Reply-To: Kris Kennaway <kris at FREEBSD.ORG>
X-To: security at freebsd.org
It almost killed me to see this:
mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l
4299
Don't use pine - I don't believe it is practical to make it secure. :-(
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe at alum.mit.edu>
---------- Forwarded message ----------
Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT)
From: Kris Kennaway <kris at FreeBSD.org>
To: cvs-committers at FreeBSD.org, cvs-all at FreeBSD.org
Subject: cvs commit: ports/mail/pine4 Makefile
kris 2000/09/29 00:28:48 PDT
Modified files:
mail/pine4 Makefile
Log:
Mark FORBIDDEN: known buffer overflows exploitable by remote email.
Parenthetically, no software which uses 4299 sprintf/strcpy/strcat
calls can possibly be safe - I don't expect to remove this FORBIDDEN
tag any time soon. :-(
Revision Changes Path
1.43 +3 -1 ports/mail/pine4/Makefile
----- End forwarded message -----
--
Don Marti This email brought to you
dmarti at zgp.org by the number 67 and the
http://zgp.org/~dmarti/ operator XOR.
whois DM683 Software patent reform now: http://burnallgifs.org/
More information about the Crackmonkey
mailing list