Bugtraq mailing list archives

Re: remote exploit on pine 4.10 - neverending story?


From: chuvakia () PUBLIC UG CS SUNYSB EDU (Anton Chuvakin)
Date: Mon, 8 Feb 1999 10:31:08 -0500


Hi there!

I reproduced what you describe on my Pine 4.10.

Can anything be done right now (not from UWash side, but from user side)?
I will also email UWash about it.

I looked at the source and can think of nothing to permanently cure this as
of now. The pine doesn't even allow disabling MIME and attachments.

Can a private mailcap instead of /etc/mailcap be used (the pine config
implies this)? Can a pine treatment of MIME types be changed (OPTION:
mimetype-search-path in config implies so)?

Also, in config there is a [quote]
#----------------------------------------------------------------------
FEATURE: show-plain-text-internally
This feature modifies the method Pine uses to display Text/Plain MIME
attachments from the Attachment Index screen. Normally, the "View"
command searches for any externally defined (usually via the "Mailcap"
file) viewer, and displays the selected text within that viewer.

Enabling this feature causes Pine to ignore any external viewer settings
and always display text with Pine's internal viewer.
#---------------------------------------------------------------------
I just checked - it disables the destructive impact of the "feature" you
found (but this config option is available only in later Pines).

Hope this is useful,
                           Anton A. Chuvakin
               http://www.sinc.sunysb.edu/Stu/achuvaki
-----------------------------------------------------------------------------
                   I doubt, therefore I might be.
-----------------------------------------------------------------------------


