26 Apr
2004
26 Apr
'04
12:45 a.m.
On Sun, 2004-04-18 at 09:27, Wouter Van Hemel wrote:
I know about Perdition:
http://www.vergenet.net/linux/perdition/
... but I don't know how secure it is.
Well, from my sent-mail (this was fixed later):
From: Timo Sirainen tss@iki.fi To: horms@vergenet.net Subject: buffer overflow in perdition Date: 23 Oct 2002 00:48:42 +0300
token_read() doesn't seem to do any bounds checking, I could overflow buffer[] by 3k or something with "USER xxxx..etc.." with pop3. Don't know if it's exploitable.