Test case 1300

Cves: CVE-1999-0131
Type: source code
Pairs: 1299-v1.0.0
State: good
Author: MIT
Status: candidate
Language: C
Submission Date: 09 Feb 2006

Description

Gecos Overflow: CVE-1999-0131.
Patched version.
From MIT benchmarks (models/sendmail/s2)
A buffer overflow in the code that handles user"s gecos field (real name
field) which is found in the password file.
Patched file: recipient-ok.c
Patched line numbers: 184, 308
Patched file: util-ok.c
Patched line numbers: 154, 168, 176

Flaws

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Test Suites

Testing Exploitable Buffer Overflows From Open Source Code

Have any comments on this test case? Please, send us an email.