Bugtraq mailing list archives
Re: a few bugs ...
From: roessler () MUTT ORG (Thomas Roessler)
Date: Wed, 15 Mar 2000 09:07:14 +0100
On 2000-03-13 14:31:23 -0000, Maurycy Prodeus wrote:
Mail agent programs like: standard ;P 'mail' from Berkeley Distribution or mutt, elm perhaps other :), use sendmail arguments to put email adress where luser wants to send mail. It's similar problem to crontab's or lpd's bugs. Example: if you put line with Reply-To: -X /dev/hda1 ;P or something like that :> to mail message and luser ( in this case root ) stupid pushes OK,OK,OK :) ( ofz he'd want to reply ) it may write/destroy file ( /dev/hda1 :] ). I know it isn't good example but I only wanted to show idea...
This does NOT work against mutt: (1) We use execv to start sendmail from within mutt, so no shell parsing is involved. (2) We explicitly tell sendmail to stop option processing (giving the "--" command line parameter) _before_ we start throwing externally-supplied e-mail addresses at it. Please make sure you verify your claims about security problems _before_ publishing them in public. -- http://www.mutt.org/
Current thread:
- Re: [ Hackerslab bug_paper ] Linux printtool get printer password, (continued)
- Re: [ Hackerslab bug_paper ] Linux printtool get printer password Tuomas Jormola (Mar 09)
- RealPlayer and Comet Cursor Keela Robison (Mar 09)
- Fwd: ircii-4.4 buffer overflow bladi (Feb 07)
- Re: Fwd: ircii-4.4 buffer overflow Derek Callaway (Mar 11)
- Re: RealPlayer and Comet Cursor pedward () WEBCOM COM (Mar 09)
- The Comet Cursor Sarah MacArthur (Mar 09)
- Network File Resource Vulnerability Eric Hacker (Mar 09)
- Re: Network File Resource Vulnerability David LeBlanc (Mar 11)
- misc. cross site scripting issues Marc Slemko (Mar 12)
- a few bugs ... Maurycy Prodeus (Mar 13)
- Re: a few bugs ... Thomas Roessler (Mar 15)
- Re: a few bugs ... Michal Zalewski (Mar 17)
- Patch: ip_masq_ftp / Linux 2.2.x (extended FTP ALG vulnerabilty) Bjarni R. Einarsson (Mar 20)
- Microsoft Security Bulletin (MS00-018 Microsoft Product Security (Mar 20)
- Re: a few bugs ... Coke (Mar 20)
- Re: a few bugs ... Daniel Jacobowitz (Mar 20)
- Re: a few bugs ... Michal Zalewski (Mar 20)
- DoS with NAVIEG PAUL VanDyke (Mar 17)
- [ANNOUNCE] strace for NT tsabin () RAZOR BINDVIEW COM (Mar 13)
- Linux patch for blocking buffer overflow based attacks massimo () IAC RM CNR IT (Mar 10)
- ICQ remote DoS Philip Stoev (Mar 10)