Bugtraq mailing list archives
Pine's re-occuring nightmare
From: jericho () DIMENSIONAL COM (jericho () DIMENSIONAL COM)
Date: Mon, 1 Sep 1997 04:53:58 -0600
(sorry if this has been posted.. i haven't seen anything about it yet) (If memory serves, Sean @ Litterbox was the first to write up a problem report and post it here.. his original 'advisory' covers this problem. just sub in the new version number. :) As we all know from past posts, Pine 3.91 - 3.94 had a problem where it threw down a temporary file in /tmp that was based off its PID. The file was mode 666 creating a symlink problem. 3.95 came out and fixed this problem. 3.96 has the same thing. I have 3.96 running on a Linux (Slack 3.3) box, and have verified it on a Sun 4.1.4 box as well. In both cases, the temporary files were PID based, and mode 666 like before. Guess this means every odd release will be more secure? :) - Damien
Current thread:
- Pine's re-occuring nightmare jericho () DIMENSIONAL COM (Sep 01)
- MS responds to Exchange Server 5.0 POP3 Security problem Manley, Jim W (Sep 01)
- Re: Pine's re-occuring nightmare Mark Crispin (Sep 01)
- HP UX Bug :) Leonid S Knyshov (Sep 01)
- Re: HP UX Bug :) Brian Mitchell (Sep 02)
- in.comsat DoS vulnerability Andrew Hobgood (Sep 02)
- You can find jizz.c here T o r g (Sep 03)
- You can find jizz.c here anonymous () ANONYMOUS ORG (Sep 03)
- [linux-security] Announce: chkexploit 1.13 (fwd) iON BARRiER (Sep 04)
- Re: [linux-security] Announce: chkexploit 1.13 (fwd) W.C. Epperson (Sep 04)
- [Alert] Website's uploader.exe (from demo) vulnerable Aleph One (Sep 04)
(Thread continues...)