Bugtraq mailing list archives
Pine's re-occuring nightmare (fwd)
From: jericho () DIMENSIONAL COM (jericho () DIMENSIONAL COM)
Date: Mon, 1 Sep 1997 05:12:40 -0600
I guess I should have researched this a bit more. On top of 3.96 being vulnerable, I have found a system with 3.95 that exhibits the same behaviour. In that case, every version of Pine from 3.91 to 3.96 seems to be vulnerable to this problem. Perhaps a script that kills all user logins, and then runs PINE would do the trick? :)

---------- Forwarded message ----------
Date: Mon, 1 Sep 1997 04:53:58 -0600 (MDT)
From: jericho () dimensional com
To: Bugtraq <BUGTRAQ () NETSPACE ORG>
Cc: pine-bugs () cac washington edu
Subject: Pine's re-occuring nightmare

(sorry if this has been posted.. i haven't seen anything about it yet)

(If memory serves, Sean @ Litterbox was the first to write up a problem report and post it here.. his original 'advisory' covers this problem. just sub in the new version number. :)

As we all know from past posts, Pine 3.91 - 3.94 had a problem where it threw down a temporary file in /tmp that was based off its PID. The file was mode 666 creating a symlink problem. 3.95 came out and fixed this problem. 3.96 has the same thing.

I have 3.96 running on a Linux (Slack 3.3) box, and have verified it on a Sun 4.1.4 box as well. In both cases, the temporary files were PID based, and mode 666 like before. Guess this means every odd release will be more secure? :)

- Damien
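Added example, not part of the original post and not Pine's source code: the temp-file pattern the message describes (PID-derived name, mode 666, no exclusive create) next to a hardened `mkstemp()` version, plus a check for auditing an open descriptor. The function names and the `pico.<pid>` file name are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern from the report: name derived from the PID, no O_EXCL,
 * mode 666. open() follows whatever already exists at that path. */
int open_tmp_weak(const char *dir, char *path, size_t n) {
    snprintf(path, n, "%s/pico.%ld", dir, (long)getpid()); /* hypothetical name */
    int fd = open(path, O_WRONLY | O_CREAT, 0666);
    if (fd >= 0) fchmod(fd, 0666);  /* world-writable regardless of umask */
    return fd;
}

/* Hardened: mkstemp() picks an unpredictable name and creates it with
 * O_CREAT|O_EXCL and mode 0600, so an existing file or link is never opened. */
int open_tmp_safe(const char *dir, char *path, size_t n) {
    int r = snprintf(path, n, "%s/pico.XXXXXX", dir);
    if (r < 0 || (size_t)r >= n) { errno = ENAMETOOLONG; return -1; }
    return mkstemp(path);
}

/* Audit check: 1 if fd is a regular file we own, with a single link and
 * no group/other permission bits; 0 otherwise. */
int tmp_fd_is_private(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return 0;
    return S_ISREG(st.st_mode) && st.st_uid == geteuid() &&
           st.st_nlink == 1 && (st.st_mode & 077) == 0;
}

int main(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", weak[128], safe[128];
    if (!mkdtemp(dir)) { perror("mkdtemp"); return 1; } /* private sandbox dir */
    int w = open_tmp_weak(dir, weak, sizeof weak);
    int s = open_tmp_safe(dir, safe, sizeof safe);
    if (w < 0 || s < 0) { perror("open"); return 1; }
    printf("weak %s private=%d\n", weak, tmp_fd_is_private(w));
    printf("safe %s private=%d\n", safe, tmp_fd_is_private(s));
    close(w); close(s);
    unlink(weak); unlink(safe); rmdir(dir);
    return 0;
}
```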