Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Security problem in C news and INN
From: rafi () tavor openu ac il (Rafi Sadowsky)
Date: Fri, 25 Feb 1994 19:14:58 +0200 (IST)


Evil Pete wrote:

so, give details.

Scott


there are shell scripts in Cnews and INN that pass the message to
ucbMail, where one can do ~ escapes.


              -Pete

in the performance release of C-news both /bin & /usr/bin precede
/usr/ucb in the default path - so /bin/mail should be called rather than
ucbMail (at least on SunOs 4 ) - so where is the problem ?

in any case is there any problem that wouldn't be solved by
"ln -s /bin/mail /usr/lib/news/bin" ?

        Rafi
--
+-------------------------------+---------------------------------------+
| Rafi Sadowsky                 | rafi () tavor openu ac il                |
| Comp.Sci. dept                |-[also postmaster () openu ac il]---------+
| Open University of Israel     | Voice: +972-3-6460592                 |
| Tel-Aviv, Israel              | Fax:   +972-3-6460483                 |
+-------------------------------+---------------------------------------+



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault