![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
Date: Fri, 22 Sep 2000 17:32:03 -0700
To: BUGTRAQ@SECURITYFOCUS.COM
/*############## ##### ###### ## # ## # # # # # #
# #
# PINE Exploit 4.21 [ bTm ] #
# #
Proof of Concept: Pine 4.21
There exists a vulnerability in Pine 4.21 involving the
portion of code in charge of peroidically checking email
when a pine client is open.
Run pine in one window, then send an email to the account
owning that session. Switch back over and hit [Control+L]
(to check your mail).
Woohoo!
now open the core up in gdb:
#2 0x40084098 in abort () at ../sysdeps/generic/abort.c:139
#3 0x817470c in strcpy () at ../sysdeps/generic/strcpy.c:43
#4 0x8137f82 in strcpy () at ../sysdeps/generic/strcpy.c:43
#5 0x8158760 in strcpy () at ../sysdeps/generic/strcpy.c:43
#6 0x40082c28 in __restore ()
at ../sysdeps/unix/sysv/linux/i386/sigaction.c:127
#7 0xe7e2bfff in ?? ()
Cannot access memory at address 0xe7e2bfff.
Oops, my alignment could use some work.
Hello's : Mega,Loki,Lamagra,and zen-parse.
BTW: this is broken, you have to figure it out on your own how
to smuggle the shellcode in.
Any real Pentester can get this working fairly quickly.
Just be polite, don't forget to say HELO!
Arkane [bTm]
Ed. Note: code for exploiting the hole has been deleted.