Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Security problem in C news and INN
From: bob () speakez com (Robert Crowe)
Date: Sat, 26 Feb 1994 12:23:33 -0800

In message <199402261422.AA03742 () tavor openu ac il>, Rafi Sadowsky writes:
Jeroen Scheerder wrote:
now on BSD/386 for example /usr/bin/mail is the ucb one - which is probably
where the hole comes from ?

I just tested it under NetBSD, which I would suppose also has the ucb one,
and the tilda escapes are *not* processed for non-interactive mailings.  I
feel this is also very likely the case with BSD/386 (I can't test that until
next week sometime).

TAVOR-rafi (304)>/bin/mail -v usenet
usenet... aliased to rafi
Subject: test

 ------------------------------------------Robert Crowe                                              bob () speakez com
SpeakEasy Software,                                   (619) 576-4100 x101
8947-A Complex Drive                                San Diego, Ca.  92123
                           Fax:  (619) 576-4111

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]