Bugtraq mailing list archives

Re: [BUG] Vulnerability in PINE


From: hamors () LITTERBOX ORG (Sean B. Hamor)
Date: Wed, 28 Aug 1996 19:36:11 -0400



On Wed, 28 Aug 1996, Linux Mailing Lists wrote:

# I'm using PINE 3.95 on Solaris 2.5, and it creates the file:
#
# -rw-rw-rw-   1 root     other          5 Aug 28 17:09 .18.2c55a
#
# in the /tmp directory when I run PINE when I have new mail. Seems
# vulnerable...

The file is created mode 666 in /tmp with newer versions of PINE; however, if
newer versions of PINE see that /tmp/.user_lockfile is a symbolic link, they
warn the user and refuse to create the lockfile (the symbolic link is not
followed), the mailbox is opened read only, and the following is sent to
syslogd:

Aug 26 19:15:39 litterbox syslog: SECURITY PROBLEM: lock file /tmp/.302.f5a4 is a symbolic link

If the author of PINE took the time to add file checking to PINE, I don't
know why he didn't just make the mode of the file 600.

On the other hand, because the mailbox is opened read only, I can see this
as a lower-level denial-of-service attack, if you even want to call it that.
Most Joe Schmoe users wouldn't know why they were getting that error, and
would be annoyed by the fact that they can get incoming email, but wouldn't
be able to delete any email.

Finger hamors () ishiboo com           /\_/\          mailto:hamors () litterbox org
for PGP public key block.          ( o.o )     http://www.ishiboo.com/~hamors/
alt.litterbox, The Home of TOCA     > ^ <    http://www.litterbox.org/~hamors/
 Hi!  I'm a .signature virus!  Add me to your .signature and join in the fun!


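The behaviour discussed in the message above (refuse a symlinked lock file, log it, fall back to read-only) combined with the mode 600 it suggests, as an added example that is not part of the original message and is not PINE's code. The function name, the return codes and the assumption that the lock file is private to one user are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, fchmod */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <syslog.h>
#include <unistd.h>

enum lock_result { LOCK_ERROR = -1, LOCK_OK = 0, LOCK_READONLY = 1 };

/* open_lockfile() is a hypothetical helper, not PINE's code. It assumes the
 * lock is private to one user, so mode 0600 is sufficient. */
enum lock_result open_lockfile(const char *path, int *fd_out)
{
    struct stat st;
    /* O_NOFOLLOW: never open or create through a symlink planted in /tmp.
     * On Linux the open() then fails with ELOOP. */
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW, 0600);

    if (fd < 0) {
        if (errno != ELOOP)
            return LOCK_ERROR;
        syslog(LOG_AUTH | LOG_WARNING,
               "SECURITY PROBLEM: lock file %s is a symbolic link", path);
        return LOCK_READONLY;          /* caller opens the mailbox read-only */
    }
    /* Check the object actually opened (fstat, not a racy lstat on the name):
     * a regular file, owned by us, with no extra hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        return LOCK_READONLY;
    }
    /* Force owner-only permissions even if the file already existed as 666
     * or the umask differs. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        close(fd);
        return LOCK_ERROR;
    }
    *fd_out = fd;
    return LOCK_OK;
}
```

Other systems report a different errno than ELOOP for O_NOFOLLOW on a symlink, so the errno test needs adjusting when porting.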


