Bugtraq mailing list archives

Re: Security problem in C news and INN

From: rafi () tavor openu ac il (Rafi Sadowsky)
Date: Sat, 26 Feb 1994 16:22:06 +0200 (IST)


Jeroen Scheerder wrote:


At 14:20 24/2/94 -0500, Perry E. Metzger wrote:

[...]

there are shell scripts in Cnews and INN that pass the message to
ucbMail, where one can do ~ escapes.


Would simply replacing with /bin/mail fix this?


Yes. But binmail doesn't handle aliases since it completely bypasses
sendmail (or so I've heard) and doesn't have the '-s' switch, which is
relied on (and useful) in news reportings.

eh? why do you think /bin/mail doesn't have aliases ( at least SunOS 4 it does)
now on BSD/386 for example /usr/bin/mail is the ucb one - which is probably
where the hole comes from ?

about the '-s' flag your right but just prepending an 'echo Subject: xxx'
should do the trick ( c-news doesn't use '-s' anyhow )

        Rafi
-
TAVOR-rafi (304)>/bin/mail -v usenet
usenet... aliased to rafi
Subject: test
123

Current thread:

Re: Security problem in C news and INN Scott D. Yelich (Feb 23)
- Re: Security problem in C news and INN Evil Pete (Feb 24)
  - Re: Security problem in C news and INN Perry E. Metzger (Feb 24)
    - Re: Security problem in C news and INN Evil Pete (Feb 24)
    - syslog security problems Mike Evans (Feb 24)
    - Re: Security problem in C news and INN Jeroen Scheerder (Feb 24)
    - Re: Security problem in C news and INN Rafi Sadowsky (Feb 26)
    - Re: Security problem in C news and INN Robert Crowe (Feb 26)
    - Re: Security problem in C news and INN Rafi Sadowsky (Feb 26)
    - Re: Security problem in C news and INN hoodr () hoodr slip netcom com (Feb 27)
  - Re: Security problem in C news and INN Rafi Sadowsky (Feb 25)
    - Re: Security problem in C news and INN Henry Spencer (Feb 25)
    - Re: Security problem in C news and INN Casper Dik (Feb 26)