ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #251 [rmail] (1 message, 667 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/251.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: Tim Seaver <tas@mcnc.org>
To: phage
Date: Mon 13:49:11 14/11/1988 EST
Subject: rmail
References:
>Date: Fri, 11 Nov 88 17:51:58 PST
>From: ames!pyramid.pyramid.com!csg@ea.ecn.purdue.edu (Carl S. Gutekunst)
>To: phage@purdue.edu
...
>Romain pointed out that rmail's use of popen was highly questionable; we took
>care of that, too, although we couldn't come up with a way to propagate the
>worm by that means. (Uux eats all the characters that make popen() dangerous.)

The way you get rmail to exploit the popen call is by setting up the
appropriate uucp "From " line. The second word of the line is passed as
the "-fsender" argument to sendmail through the popen call. Uux doesn't
process the text of a message, so you can pass along whatever shell
metacharacters you wish to play games with. This hole is independent of
sendmail debug mode, so the popen really does need to go.

Tim Seaver
Systems Programmer
Microelectronics Center of North Carolina
tas@mcnc.org
END OF DOCUMENT
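
Added example, not part of the original message and not rmail's actual source: one way to replace the popen() call described above, handing the "From " line's second word to the mailer as a single argv element through fork/execv so that no shell ever parses it. The function names, the allow-listed character set and the mailer path argument are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Copy the second word of a uucp "From " line into out; 0 on success. */
int from_sender(const char *line, char *out, size_t outlen)
{
    if (strncmp(line, "From ", 5) != 0) return -1;
    line += 5;
    size_t n = strcspn(line, " \t\r\n");
    if (n == 0 || n >= outlen) return -1;
    memcpy(out, line, n);
    out[n] = '\0';
    return 0;
}

/* Allow-list (assumed set): bang paths and user@host characters only. */
int sender_ok(const char *s)
{
    if (*s == '\0' || *s == '-') return 0;  /* empty, or would read as an option */
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("!@%._+-", *s))
            return 0;
    return 1;
}

/* Run mailer as: mailer -f<sender> <rcpt>, message on stdin from msg_fd.
   execv passes argv untouched; there is no shell to interpret it.
   Returns the mailer's exit status, or -1 on rejection or failure. */
int deliver(const char *mailer, const char *sender, const char *rcpt, int msg_fd)
{
    char farg[300];
    if (!sender_ok(sender) || !sender_ok(rcpt)) return -1;
    if (snprintf(farg, sizeof farg, "-f%s", sender) >= (int)sizeof farg) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *argv[] = { (char *)mailer, farg, (char *)rcpt, NULL };
        if (msg_fd >= 0) dup2(msg_fd, 0);
        execv(mailer, argv);
        _exit(127);                         /* exec failed */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}
```

The validation is defence in depth; the fix that matters is that the sender string never reaches a shell.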
ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved. |