Bugtraq mailing list archives
Re: Security problem in C news and INN
From: casper () fwi uva nl (Casper Dik)
Date: Sat, 26 Feb 94 12:16:20 +0100
In the performance release of C-news both /bin & /usr/bin precede /usr/ucb in the default path - so /bin/mail should be called rather than ucbMail (at least on SunOS 4) - so where is the problem?
The problem was originally discovered for INN. INN insists on using /usr/ucb/mail (BSDish systems) or /usr/bin/mailx (System V). Apart from the name, Mailx is identical to ucbmail.

Apart from installing the INN sec patch (it consists of adding sed -e 's/^~/~~/' to the mail command in the 7 affected scripts). Disabling control altogether isn't necessary. Only control messages that generate mail to the news user are harmful.

Another quick fix for INN is redefining the mailer program to a script that does:

    #!/bin/sh
    sed -e 's/^~/~~/' | /usr/bin/mailx "$@"

(Mailx should be replaced by /usr/ucb/mail if you have that)

The only tilde escapes I've seen so far have been signatures with ~ boxes. One of these caused ``Unknown tilde escape'' in my logfiles, which made me suspicious.

Casper
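The wrapper from the message above, extended so it also reports how many body lines needed escaping. This is an added example, not part of the original post or of INN; the function names, the MAILER variable and the sample body are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration: tilde-escaping mail wrapper with a simple audit message.
# MAILER is a hypothetical override; the post names /usr/bin/mailx (System V)
# and /usr/ucb/mail (BSD-ish systems) as the mailers INN uses.
MAILER=${MAILER:-/usr/bin/mailx}

# Double a leading "~" so the mailer sees "~~", which it sends as a literal
# line starting with "~" instead of treating the line as a tilde escape.
escape_tildes() {
    sed -e 's/^~/~~/'
}

# Print the number of stdin lines that begin with "~".
# grep -c exits 1 when the count is 0, so mask that status.
count_tilde_lines() {
    grep -c '^~' || true
}

# Constructed sample body: a signature drawn with "~" boxes, as in the post.
sample_body() {
    printf '%s\n' 'Control message report' '~~~~~~~~~~' '~ J. Doe ~' 'mid~line tilde'
}

# Read a message body on stdin, note on stderr how many lines were escaped,
# then hand the escaped body to the mailer with the caller's arguments.
filtered_mail() {
    tmp=$(mktemp) || return 1
    cat > "$tmp"
    n=$(count_tilde_lines < "$tmp")
    if [ "$n" -gt 0 ]; then
        echo "filtered_mail: escaped $n line(s) starting with ~" >&2
    fi
    escape_tildes < "$tmp" | "$MAILER" "$@"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Only a tilde in the first column is touched, so text such as "mid~line tilde" passes through unchanged.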