Bugtraq mailing list archives

Re: elm filter program

From: wfp5p () CTHULHU ITC VIRGINIA EDU (Bill Pemberton)
Date: Mon, 13 Sep 1999 08:44:00 -0400


Cornelius Krasel writes:


"filter" is inherently unsafe. A bug has been described in 1995 which
allows reading email of anybody on the system. The description can be
found in the BugTraq archives, I believe. I include the full message
below. While it was written in 1995, it still works with the filter
version of Elm 2.4ME+ PL35 (25) which is from 1997. (I don't know
whether there are any more recent elm versions.)


Elm 2.4ME+ PL35 is not the official version of elm.  The official
version of elm is 2.5.2 and does not include the filter program.

--
Bill Pemberton  (Elm Coordinator)              wfp5p () virginia edu
ITC/Unix Systems                               flash () virginia edu
University of Virginia

Current thread:

(no subject) Mark Ultor (Sep 09)
- Re: your mail KSR[T] Contact Account (Sep 11)
- elm filter program Cornelius Krasel (Sep 12)
  - Hotmail security vulnerability - injecting JavaScript using <STYLE> tag Georgi Guninski (Sep 13)
    - Re: Hotmail security vulnerability - injecting JavaScript using <STYLE> tag Olaf Titz (Sep 14)
    - Re: Hotmail security vulnerability - injecting JavaScript using Alan Cox (Sep 15)
    - Re: Hotmail security vulnerability - injecting JavaScript using<STYLE> tag Georgi Guninski (Sep 15)
    - Re: Hotmail security vulnerability - injecting JavaScript using<STYLE> tag Eivind Eklund (Sep 15)
    - [support_feedback () us-support external hp com: Security Bulletins Digest] Patrick Oonk (Sep 15)
  - Re: elm filter program Bill Pemberton (Sep 13)
  - [RHSA-1999:037-01] Buffer overflow in mars_nwe Bill Nottingham (Sep 13)
- Phrack 55 is on the virtual shelves... Jesse Whyte (Sep 12)