Bugtraq mailing list archives

Re: remote exploit on pine 4.10 - neverending story?


From: jhardin () WOLFENET COM (John D. Hardin)
Date: Mon, 8 Feb 1999 09:25:11 -0800


On Mon, 8 Feb 1999, Michal Zalewski wrote:

  Hmm, but take a look at this message:

************************** MIME MESSAGE FOLLOWS **************************
From: Attacker <attacker () eleet net>
To: Victim <victim () somewhere net>
Subject: Happy birthday
...
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="8323328-235065145-918425607=:319"

--8323328-235065145-918425607=:319
Content-Type: TEXT/PLAIN; charset='US-ASCII'

Make a wish...

--8323328-235065145-918425607=:319
Content-Type: TEXT/PLAIN; charset=``touch${IFS}ME``; name="logexec.c"
Content-Transfer-Encoding: BASE64
Content-Description: wish
Content-Disposition: attachment; filename="wish.c"

...it could be your last.
*************************** MIME MESSAGE ENDS ***************************

Okay, I have added `` -> " conversion to my procmail MIME sanitizer.

Michal, is that the only way to exploit this? Or should there be ` ->
' conversion as well?

See http://www.wolfenet.com/~jhardin/procmail-security.html for
details.

--
 John Hardin KA7OHZ                               jhardin () wolfenet com
 pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
  Your mouse has moved. Windows NT must be restarted for the change
  to take effect. Reboot now?  [ OK ]
-----------------------------------------------------------------------
   101 days until Star Wars episode I
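
The sanitizer change described in the message above rewrites the double-backtick sequence in the `charset` parameter. As an added example (not the procmail sanitizer's code and not part of the original post), the Python filter below generalizes that idea: it allow-lists the charset value in every Content-Type header, including those of MIME parts, and strips any backtick left in the header. The names `sanitize_charsets`, `SAFE_CHARSET` and the `X-UNKNOWN` replacement label are assumptions of this example.

```python
import re

# Assumption of this example: a charset label is letters, digits and a few
# punctuation marks, at most 40 characters. Everything else is rejected.
SAFE_CHARSET = re.compile(r"[A-Za-z0-9][A-Za-z0-9._:+-]{0,39}\Z")
# A Content-Type header with its folded continuation lines, matched anywhere
# in the message so the headers of MIME parts are covered too.
CT_HEADER = re.compile(r"^Content-Type:.*(?:\n[ \t].*)*", re.I | re.M)
# charset=<double-quoted string, or everything up to the next ';' or newline>
CHARSET_PARAM = re.compile(r'(charset\s*=\s*)("[^"\n]*"|[^;\n]*)', re.I)
REPLACEMENT = "X-UNKNOWN"  # placeholder label chosen for this example

# Constructed sample: the two part headers from the message quoted above.
SAMPLE = (
    "Content-Type: TEXT/PLAIN; charset='US-ASCII'\n"
    "\n"
    "Make a wish...\n"
    "\n"
    'Content-Type: TEXT/PLAIN; charset=``touch${IFS}ME``; name="logexec.c"\n'
    "Content-Transfer-Encoding: BASE64\n"
)


def sanitize_charsets(message):
    """Return (clean_message, findings) with every charset allow-listed."""
    findings = []

    def fix_param(m):
        value = m.group(2).strip().strip("\"'")
        if not SAFE_CHARSET.match(value):
            findings.append(m.group(2))  # keep the rejected value for logging
            value = REPLACEMENT
        return m.group(1) + '"' + value + '"'

    def fix_header(m):
        header = CHARSET_PARAM.sub(fix_param, m.group(0))
        if "`" in header:  # backtick left outside the charset value
            findings.append(header)
            header = header.replace("`", "")
        return header

    return CT_HEADER.sub(fix_header, message), findings


if __name__ == "__main__":
    clean, rejected = sanitize_charsets(SAMPLE)
    print(clean)
    print("rejected:", rejected)
```

Only Content-Type headers are rewritten; message bodies and other headers pass through unchanged, and the rejected values are returned so the filter can log them.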


