Bugtraq mailing list archives
Re: remote exploit on pine 4.10 - neverending story?
From: chuvakia () PUBLIC UG CS SUNYSB EDU (Anton Chuvakin)
Date: Mon, 8 Feb 1999 10:31:08 -0500
Hi there! I reproduced what you describe on my Pine 4.10. Can anything be done right now (not from UWash side, but from user side)? I will also email to UWash about it. I looked at the source and can think of nothing to permanenly cure this as of now. The pine doesn't even allow disabling MIME and attachements. Can a private mailcap instead of /etc/mailcap be used (the pine config implies this)? Can a pine treatment of MIME types be changed (OPTION: mimetype-search-path in config implies so)? Also, in config there is a [quote] #---------------------------------------------------------------------- FEATURE: show-plain-text-internally This feature modifies the method Pine uses to display Text/Plain MIME attachments from the Attachment Index screen. Normally, the "View" command searches for any externally defined (usually via the "Mailcap" file) viewer, and displays the selected text within that viewer. Enabling this feature causes Pine to ignore any external viewer settings and always display text with Pine's internal viewer. #--------------------------------------------------------------------- I just checked - it disables the destructive impact of the "feature" you found (but this config option is available only in later Pines). Hope this is useful, Anton A. Chuvakin http://www.sinc.sunysb.edu/Stu/achuvaki ----------------------------------------------------------------------------- I doubt, therefore I might be. -----------------------------------------------------------------------------
Current thread:
- Re: remote exploit on pine 4.10 - neverending story? Anton Chuvakin (Feb 08)
- Patch for remote exploit of Pine 4.10 Terence C. Haddock (Feb 08)
- RPM for RedHat 4.2 incorporating Terence's patch available bugtraq mailing list account (Feb 08)
- L0pht Advisory - Rational Software ClearCase root exploitable Dr. Mudge (Feb 08)
- Re: L0pht Advisory - Rational Software ClearCase root exploitable Oezguer Kesim (Feb 09)
- Microsoft Security Bulletin (MS99-004) aleph1 () UNDERGROUND ORG (Feb 08)
- NetBSD Security Advisory 1999-002 matthew green (Feb 08)
- Re: remote exploit on pine 4.10 - neverending story? Sergiy Zhuk (Feb 08)
- Patch for remote exploit of Pine 4.10 Terence C. Haddock (Feb 08)