Bugtraq mailing list archives
Re: Multiply bugs in MH-6.8.3 (Mail Handler program)
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Mon, 28 Jul 1997 23:27:48 +0100
ruserpass(host,&user,&pass); is found in msgchk.c, in checkremote() or something like that... meaning that the host aren't vulnerable if not configured.. this is from a system where mh was installed w/o being
Also that means ruserpass() from libc isnt being used which is probably bad as most libc's have this fixed. (The hole above btw is in all the old BSD derived libc's) but very very few current ones.
Current thread:
- Multiply bugs in MH-6.8.3 (Mail Handler program) Matt Conover (Jul 26)
- Re: Multiply bugs in MH-6.8.3 (Mail Handler program) nolander () NOLANDER PP SE (Jul 28)
- Re: Multiply bugs in MH-6.8.3 (Mail Handler program) Alan Cox (Jul 28)
- Re: Multiply bugs in MH-6.8.3 (Mail Handler program) Matt Conover (Jul 28)
- bind security: fear, uncertainty, and doubts Paul A Vixie (Jul 28)
- Re: Multiply bugs in MH-6.8.3 (Mail Handler program) nolander () NOLANDER PP SE (Jul 28)