8769957 2002-07-24 11:54 +0200  /44 rader/ Martin J. Muench <mjm@codito.de>
Sänt av: joel@lysator.liu.se
Importerad: 2002-07-24  20:56  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Extern kopiemottagare: vuln-dev@securityfocus.com
Mottagare: Bugtraq (import) <23216>
Markerad av 1 person.
Ärende: Denial of Service bug in Pine 4.44
------------------------------------------------------------
From: "Martin J. Muench" <mjm@codito.de>
To: bugtraq@securityfocus.com
Cc: vuln-dev@securityfocus.com
Message-ID: <20020724112653.A222-100000@amazeroth.mjmnet>

Hi,

while using pine I found a small bug which causes pine to crash.

When opening a MIME encoded mail with a blank boundary, pine
will crash.

The header looks like this:

...
Content-Type: multipart/mixed; boundary=""
Mime-Version: 1.0
...

This is no dangerous bug and you can simply delete the received
messages within pine.


Patch.

This is the explanation of the maintainers:
<quote>
As for a patch that fixes this problem, such a fix already exists.  The
bug exists in the underlying c-client code, an update of which can be
obtained at ftp://ftp.cac.washington.edu/imap/imap-2002.RC2.tar.Z. The
contents of this file can be put in place of the "imap" directory in the
pine distribution, after which building pine will make use of the new
c-client code (consequently, you will need to change
SET_DISABLEAUTOMATICSHAREDNAMESPACES to SET_DISABLEAUTOSHAREDNS in
pine/pine.c).
</quote>



Martin J. Muench

www.codito.de
(8769957) /Martin J. Muench <mjm@codito.de>/--------