Bugtraq mailing list archives
Re: remote exploit on pine 4.10 - neverending story?
From: serge () yahoo-inc com (Sergiy Zhuk)
Date: Mon, 8 Feb 1999 17:42:03 -0800
hi On Mon, 8 Feb 1999, Anton Chuvakin wrote:
Can a private mailcap instead of /etc/mailcap be used (the pine config implies this)? Can a pine treatment of MIME types be changed (OPTION: mimetype-search-path in config implies so)?
pine v3.96 (up to 4.x), has 'mailcap-search-path' and 'mimetype-search-path' options. If you set them the following way, pine will read only your private files: mailcap-search-path = ~your_login/.mailcap mimetype-search-path = ~your_login_name/.mime.types In addition, here is the patch for pine/mailcap.c, pine 3.96: --- mailcap.c.orig Mon Jul 15 11:05:10 1996 +++ mailcap.c Mon Feb 8 17:26:12 1999 @@ -839,12 +839,14 @@ * have to put those outside of the single quotes. */ for(p = parm->value; *p; p++){ - if(*p == '\''){ + if( (*p == '\'') || (*p=='`') ){ *to++ = '\''; /* closing quote */ *to++ = '\\'; - *to++ = '\''; /* below will be opening quote */ + *to++ = *p; /* quoted char */ + *to++ = '\''; /* opening quote */ } - *to++ = *p; + else + *to++ = *p; } } -- rgds, serge
Current thread:
- Re: remote exploit on pine 4.10 - neverending story? Anton Chuvakin (Feb 08)
- Patch for remote exploit of Pine 4.10 Terence C. Haddock (Feb 08)
- RPM for RedHat 4.2 incorporating Terence's patch available bugtraq mailing list account (Feb 08)
- L0pht Advisory - Rational Software ClearCase root exploitable Dr. Mudge (Feb 08)
- Re: L0pht Advisory - Rational Software ClearCase root exploitable Oezguer Kesim (Feb 09)
- Microsoft Security Bulletin (MS99-004) aleph1 () UNDERGROUND ORG (Feb 08)
- NetBSD Security Advisory 1999-002 matthew green (Feb 08)
- Re: remote exploit on pine 4.10 - neverending story? Sergiy Zhuk (Feb 08)
- Patch for remote exploit of Pine 4.10 Terence C. Haddock (Feb 08)