![bugtraq logo](/images/bugtraq-logo.png)
Bugtraq mailing list archives
Re: [BUG] Vulnerability in PINE
From: hamors () LITTERBOX ORG (Sean B. Hamor)
Date: Wed, 28 Aug 1996 19:36:11 -0400
-----BEGIN PGP SIGNED MESSAGE----- On Wed, 28 Aug 1996, Linux Mailing Lists wrote: # I'm using PINE 3.95 on a Solaris 2.5, and it creates me the file : # # -rw-rw-rw- 1 root other 5 Aug 28 17:09 .18.2c55a # # in the /tmp directory when i run PINE when i have new mail. Seems # vulnerable... The file is created mode 666 in /tmp with newer versions of PINE, however if newer versions of PINE see that /tmp/.user_lockfile is a symbolic link it warns the user, refuses to create the lockfile (the symbolic link is not followed), the mailbox is opened read only, and the following is sent to syslogd: Aug 26 19:15:39 litterbox syslog: SECURITY PROBLEM: lock file /tmp/.302.f5a4 is a symbolic link If the author of PINE took the time to add file checking to PINE, I don't know why he didn't just make the mode of the file 600. On the other hand, because the mailbox is opened read only, I can see this as a lower level denial of service attack, if you even want to call it that. Most Joe Schmoe users wouldn't know why they were getting that error, and would be annoyed by the fact that they can get incoming email, but wouldn't be able to delete any email. Finger hamors () ishiboo com /\_/\ mailto:hamors () litterbox org for PGP public key block. ( o.o ) http://www.ishiboo.com/~hamors/ alt.litterbox, The Home of TOCA > ^ < http://www.litterbox.org/~hamors/ Hi! I'm a .signature virus! Add me to your .signature and join in the fun! -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMiTX9jU6HlxZIJ+FAQEYywf/Wy8Xi2+1LSRi7t3U7+WRjksmb+Mam93M jrW8NZ3GEZNjhXmv8+GUvkeGFz+OTXzCl3nxT8v50EeKADjol61zY2gKYO5uAd2E nJ1Kh5hvBXStVo6ZECihhqIGmbtgVqkUvyMcXOKFj52XSHXFhXCZDll8cVPHr62+ 7nyBcfV/DWnsRONgfcdun8ZCNoT5mTHjHT/7pFaT/5v+/txje95CIywlx8ifrPeG jxpaDbwpAWEp5naSzs6J9CAi3QUQ59vRae9SLYsHZoYinYPpded4lAmRHBldF5lT vHPeJ7zniwgi1Ob0f2bamx2HILwyVxOx8RcJTKThWXqgJSMtAgA/cw== =FNUP -----END PGP SIGNATURE-----
Current thread:
- Tired of /tmp? Here's a proposed solution, (continued)
- Tired of /tmp? Here's a proposed solution Igor Chudov @ home (Aug 26)
- Re: Tired of /tmp? Here's a proposed solution Guido M. Witmond (Aug 27)
- Re: Tired of /tmp? Here's a proposed solution Thomas Koenig (Aug 28)
- Re: Tired of /tmp? Here's a proposed solution Sean B. Hamor (Aug 28)
- Re: Tired of /tmp? Here's a proposed solution mdr () vodka sse att com (Aug 28)
- Rlogin vulnerabilty Gabriele Avosani (Aug 28)
- Tired of /tmp? Here's a proposed solution Igor Chudov @ home (Aug 26)
- Re: Tired of /tmp? Here's a proposed solution Matthew J Brown (Aug 28)
- ftpbounce-0.1.tar.gz Rune Braathen (Aug 27)
- Re: [BUG] Vulnerability in PINE Linux Mailing Lists (Aug 28)
- Re: [BUG] Vulnerability in PINE Sean B. Hamor (Aug 28)
- Re: [BUG] Vulnerability in PINE Jason Haar (Aug 29)
- HOLE: Unixware 2.03: crontab -e Hannu Laurila (Aug 29)