oss-sec mailing list archives
Re: CVE request - fetchmail 6.3.11-.13 heap overflow in verbose X.509 cert display (only printable chars)
From: Nico Golde <oss-security+ml () ngolde de>
Date: Thu, 4 Feb 2010 13:28:41 +0100
Hey,
* Matthias Andree <matthias.andree () gmx de> [2010-02-04 11:04]:
[...]
This might be exploitable to inject code if
- fetchmail is run in verbose mode AND
- the host running fetchmail considers char unsigned

Imho this needs to say signed, not unsigned.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
Current thread:
- CVE request - fetchmail 6.3.11-.13 heap overflow in verbose X.509 cert display (only printable chars) Matthias Andree (Feb 04)
- Re: CVE request - fetchmail 6.3.11-.13 heap overflow in verbose X.509 cert display (only printable chars) Nico Golde (Feb 04)
- Fwd: CVE request - fetchmail 6.3.11-.13 heap overflow in verbose X.509 cert display (only printable chars) Matthias Andree (Feb 09)