Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Security problem in C news and INN
From: casper () fwi uva nl (Casper Dik)
Date: Sat, 26 Feb 94 12:16:20 +0100

in the performance release of C-news both /bin & /usr/bin precede
/usr/ucb in the default path - so /bin/mail should be called rather than
ucbMail (at least on SunOs 4 ) - so where is the problem ?

The problem was originally discovered for INN.  INN insists
on using /usr/ucb/mail (BSDish systems) or /usr/bin/mailx
(System V).  Apart from the name, Mailx is identical to ucbmail.

Apart from installing the INN sec patch (it consists of
adding sed -e 's/^~/~~/' to the mail command in the 7 affected
scripts).  Disabling control altogether isn't necessary.
Only control message that generate mail to the news user
are harmful.

Another quick fix for INN is redefining the mailer program to
a script that does:


sed -e 's/^~/~~/' | /usr/bin/mailx "$@"

(Mailx should be replaced by /usr/ucb/mail if you have that)

The only tilde escapes I've seen so far have been signatures
with ~ boxes.  One of these caused ``Unknown tilde escape''
in my logfiles, with made me suspicious.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]