Hide Forgot
Lately, I found out that pine 4.10, which ships with Red Hat's latest distributions, has a buggy pico. We can easily overflow pico while it is evaluating command-line arguments, thus forcing it to leave a coredump. Although I haven't checked out pine's source, yet, I suspect there's a badly written strcpy() out there. Just start pico and feed it with a 101+ character long filename. It should immeadiately die. I informed the UW PINE maintainers, and the latest versions are already fixed. Therefore, 4.20 is not affected. BTW, joe is also vulnerable. Cheers, Joao "zhp" Sacramento
We've updated to 4.21 a while ago - that should fix it.