Bugtraq mailing list archives
SNI-18 pre-discovered in June 1994
From: bukys () CS ROCHESTER EDU (bukys () CS ROCHESTER EDU)
Date: Tue, 2 Sep 1997 15:44:41 -0400
Regarding the SNI-18 advisory of September 1, 1997:

It should have been fixed in June 1994. That's when I reported it in a "closed" setting.

In May 1994 I reported, to Sun Microsystems and CERT, a bug in OLD vacation code (still present in SunOS 4) -- it used popen() to send mail, and didn't check for shell metacharacters in the address. (SUN SO#1597536, CERT INFO#9883)

This did cause some activity among Unix vendors. Fortunately, their recent releases at that time had already switched to using execl() instead. (Note: I don't believe there has ever been a SunOS 4 patch released for the popen() bug despite the security issue.)

At the end of that discussion, on June 1, 1994, I pointed out to Sun and CERT the additional vulnerability to the "From: -C/whatever" attack, and suggested that the word be spread to all Unix vendors.

Sadly, it didn't happen. Sigh.

What's wrong with this picture? (Don't answer, it's rhetorical.)

Liudvikas Bukys
University of Rochester
Computer Science Department
734 Computer Studies Building
Rochester, NY 14627-0226
tel# 716-275-7747
fax# 716-461-2018
<bukys () cs rochester edu>
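The two problems named in the message above (shell metacharacters reaching popen(), and a sender address beginning with "-" being read as a mailer option), shown from the defensive side. This is an added example, not code from the original post or from any vendor's vacation source; the function names, the sample addresses, and the argv layout (including the assumption that the mailer treats "--" as end of options) are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if addr may be handed to a mailer, else 0. */
int recipient_ok(const char *addr)
{
    /* Characters sh would interpret if the string ever reached popen(). */
    static const char shell_meta[] = "|&;<>()$`\\\"'*?[]{}~!# ";
    const char *p;

    /* Empty, or a leading '-' such as "-C/whatever": parsed as an option. */
    if (addr == NULL || addr[0] == '\0' || addr[0] == '-')
        return 0;
    for (p = addr; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (iscntrl(c) || strchr(shell_meta, c) != NULL)
            return 0;
    }
    return 1;
}

/* Build an execv()-style vector; returns argc, or -1 if addr is rejected. */
int build_mailer_argv(const char *self, const char *addr,
                      const char *argv[], size_t cap)
{
    if (cap < 6 || !recipient_ok(addr))
        return -1;
    argv[0] = "sendmail";
    argv[1] = "-f";          /* envelope sender */
    argv[2] = self;
    argv[3] = "--";          /* assumed: mailer stops option parsing here */
    argv[4] = addr;          /* passed as one argv element, never via sh */
    argv[5] = NULL;
    return 5;
}

int main(void)
{
    /* Constructed sample addresses. */
    const char *tests[] = { "user@example.org", "-C/whatever", "a@example.org|x" };
    const char *av[6];
    size_t i;

    for (i = 0; i < 3; i++)
        printf("%-18s -> %d\n", tests[i], build_mailer_argv("me", tests[i], av, 6));
    return 0;
}
```

The validation and the "--" separator are independent layers: either one alone stops the leading-dash case, and passing the address as a single argv element keeps it away from a shell regardless of its content.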