Bugtraq mailing list archives
Re: remote exploit on pine 4.10 - neverending story?
From: serge () yahoo-inc com (Sergiy Zhuk)
Date: Mon, 8 Feb 1999 17:42:03 -0800
hi On Mon, 8 Feb 1999, Anton Chuvakin wrote:
Can a private mailcap instead of /etc/mailcap be used (the pine config implies this)? Can a pine treatment of MIME types be changed (OPTION: mimetype-search-path in config implies so)?
pine v3.96 (up to 4.x), has 'mailcap-search-path' and 'mimetype-search-path'
options.
If you set them the following way, pine will read only your private files:
mailcap-search-path = ~your_login/.mailcap
mimetype-search-path = ~your_login_name/.mime.types
In addition, here is the patch for pine/mailcap.c, pine 3.96:
--- mailcap.c.orig Mon Jul 15 11:05:10 1996
+++ mailcap.c Mon Feb 8 17:26:12 1999
@@ -839,12 +839,14 @@
* have to put those outside of the single quotes.
*/
for(p = parm->value; *p; p++){
- if(*p == '\''){
+ if( (*p == '\'') || (*p=='`') ){
*to++ = '\''; /* closing quote */
*to++ = '\\';
- *to++ = '\''; /* below will be opening quote */
+ *to++ = *p; /* quoted char */
+ *to++ = '\''; /* opening quote */
}
- *to++ = *p;
+ else
+ *to++ = *p;
}
}
--
rgds,
serge
Current thread:
- Re: remote exploit on pine 4.10 - neverending story? Anton Chuvakin (Feb 08)
- Patch for remote exploit of Pine 4.10 Terence C. Haddock (Feb 08)
- RPM for RedHat 4.2 incorporating Terence's patch available bugtraq mailing list account (Feb 08)
- L0pht Advisory - Rational Software ClearCase root exploitable Dr. Mudge (Feb 08)
- Re: L0pht Advisory - Rational Software ClearCase root exploitable Oezguer Kesim (Feb 09)
- Microsoft Security Bulletin (MS99-004) aleph1 () UNDERGROUND ORG (Feb 08)
- NetBSD Security Advisory 1999-002 matthew green (Feb 08)
- Re: remote exploit on pine 4.10 - neverending story? Sergiy Zhuk (Feb 08)
- Patch for remote exploit of Pine 4.10 Terence C. Haddock (Feb 08)