Bugtraq mailing list archives
Re: elm filter program
From: wfp5p () CTHULHU ITC VIRGINIA EDU (Bill Pemberton)
Date: Mon, 13 Sep 1999 08:44:00 -0400
Cornelius Krasel writes:
"filter" is inherently unsafe. A bug has been described in 1995 which allows reading email of anybody on the system. The description can be found in the BugTraq archives, I believe. I include the full message below. While it was written in 1995, it still works with the filter version of Elm 2.4ME+ PL35 (25) which is from 1997. (I don't know whether there are any more recent elm versions.)
Elm 2.4ME+ PL35 is not the official version of elm. The official version of elm is 2.5.2 and does not include the filter program. -- Bill Pemberton (Elm Coordinator) wfp5p () virginia edu ITC/Unix Systems flash () virginia edu University of Virginia
Current thread:
- (no subject) Mark Ultor (Sep 09)
- Re: your mail KSR[T] Contact Account (Sep 11)
- elm filter program Cornelius Krasel (Sep 12)
- Hotmail security vulnerability - injecting JavaScript using <STYLE> tag Georgi Guninski (Sep 13)
- Re: Hotmail security vulnerability - injecting JavaScript using <STYLE> tag Olaf Titz (Sep 14)
- Re: Hotmail security vulnerability - injecting JavaScript using Alan Cox (Sep 15)
- Re: Hotmail security vulnerability - injecting JavaScript using<STYLE> tag Georgi Guninski (Sep 15)
- Re: Hotmail security vulnerability - injecting JavaScript using<STYLE> tag Eivind Eklund (Sep 15)
- [support_feedback () us-support external hp com: Security Bulletins Digest] Patrick Oonk (Sep 15)
- Hotmail security vulnerability - injecting JavaScript using <STYLE> tag Georgi Guninski (Sep 13)
- Re: elm filter program Bill Pemberton (Sep 13)
- [RHSA-1999:037-01] Buffer overflow in mars_nwe Bill Nottingham (Sep 13)