Bugtraq mailing list archives

Re: Pine 4.33 (at least) URL handler allows embedded commands.


From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sun, 6 Jan 2002 17:37:43 -0500 (EST)

On Sat, 5 Jan 2002, zen-parse wrote:

> Problem:              URL handler allows embedded commands.
>                       May allow email viruses of the Outlook kind.
>
>   http://address/'&/some/program${IFS}with${IFS}arguments&'

Isn't that old news? http://www.securityfocus.com/bid/810

I *can* be wrong, but it looks like it is the same problem...

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/

