[LINK] Eudora email moves to open source

Andy Farkas chuzzwassa at gmail.com
Wed Nov 15 13:24:59 AEDT 2006


On 11/14/06, grove at zeta.org.au <grove at zeta.org.au> wrote:

> I use PINE everywhere, even on OSX. I will never give it up.


Every time you upgrade or install pine on a FreeBSD system, you get this
reassuring message:

/usr/bin/dialog --yesno "SECURITY NOTE: The pine software has had several remote
vulnerabilities discovered in the past, which allowed remote attackers to execute
arbitrary code as you on your local system, by the action of sending a
specially-prepared email. All such KNOWN problems have been fixed, but the pine
code is written in a very insecure style and the FreeBSD Security Officer believes
there are likely to be other undiscovered vulnerabilities. Do you wish to proceed
with the installation of pine anyway?" 12 70 || /usr/bin/false

Another comment in the cvs logs says:

Mark FORBIDDEN: known buffer overflows exploitable by remote email.

Parenthetically, no software which uses 4299 sprintf/strcpy/strcat
calls can possibly be safe - I don't expect to remove this FORBIDDEN
tag any time soon. :-(


-andyf (long time pine user)
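
The call count quoted in the cvs log comment is a metric that can be reproduced on any C tree. The scanner below is an added example, not part of the original message or of the FreeBSD port; the function name and the sample input are constructed for illustration, and it only sees direct calls (not macros or function pointers).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Count calls to sprintf/strcpy/strcat in C source text. Comments and
 * string/char literals are skipped, and whole identifiers are compared,
 * so snprintf() or strncpy() do not match. */
static const char *const UNBOUNDED[] = { "sprintf", "strcpy", "strcat" };

int count_unbounded_calls(const char *s)
{
    int count = 0;
    while (*s) {
        if (s[0] == '/' && s[1] == '*') {                 /* block comment */
            const char *end = strstr(s + 2, "*/");
            if (!end) break;
            s = end + 2;
        } else if (s[0] == '/' && s[1] == '/') {          /* line comment */
            while (*s && *s != '\n') s++;
        } else if (*s == '"' || *s == '\'') {             /* literal */
            char q = *s++;
            for (; *s && *s != q; s++)
                if (*s == '\\' && s[1]) s++;              /* skip escaped char */
            if (*s) s++;
        } else if (isalpha((unsigned char)*s) || *s == '_') {
            const char *start = s, *after;
            while (isalnum((unsigned char)*s) || *s == '_') s++;
            size_t len = (size_t)(s - start);
            for (after = s; *after == ' ' || *after == '\t'; after++) ;
            if (*after != '(') continue;                  /* not a call */
            for (size_t i = 0; i < sizeof UNBOUNDED / sizeof *UNBOUNDED; i++)
                if (strlen(UNBOUNDED[i]) == len && !memcmp(start, UNBOUNDED[i], len))
                    count++;
        } else {
            s++;
        }
    }
    return count;
}

/* Constructed sample input, not taken from the pine sources. */
static const char SAMPLE[] =
    "/* strcpy(a, b) in a comment is ignored */\n"
    "strcpy(buf, from);\n"
    "strcat (buf, \": sprintf(x)\");\n"
    "snprintf(to, 64, \"%s\", buf);\n"
    "sprintf(to, \"%s\", buf); // strcat(to, buf)\n";

int main(void) { printf("unbounded calls: %d\n", count_unbounded_calls(SAMPLE)); return 0; }
```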


