hhp: Remote pine exploit.

From: Elaich Of Hhp (hhpat_private)
Date: Tue Jun 22 1999 - 10:04:14 PDT

  • Next message: Marc: "Re: IIS 4.0 symlinks" 

                          The hhp presents...

             The hhp-pine remote exploit advisory.
                           6/22/99
                    By: elaich of the hhp.
                     http://hhp.hemp.net/
#---------------------------------------------------------#

   A  few  months  ago  I  found  a bigger problem with the
charset   bug   then  imagined.  With  a  uuencode/uudecode
method  in  the  charset, and an index.html of a site, it's
possible  to run any program/script wanted to on the remote
system.  When  the  email  is read it launches lynx -source
and  grabs  the index.html which is then uudecoded and ran.
This  includes  root and non-root users infected.  Many big
servers run pine, and having fingerd running,  most  of the
time allows us complete access to get every username on the
server, which then is simple to send the infected emails to
each user.
   We have tested this on our own systems with full success.
These  operating systems include BSD, Linux, IRIX, AIX, SCO,
and SunOS.
   I'm  sure  this will be fixed in the newer version along
with  the  patch  already  made  for  the  current version.
hhp-pine.tar   is   available  to  download  at  our  site,
http://hhp.hemp.net/.

   The  current pine 4.10 patch is available to download at
http://www.geek-girl.com/bugtraq/1999_1/0532.html


        Jobs/Probs/Bugs/Etc. -> hhpat_private
#---------------------------------------------------------#

-elaich

-----------------------------------------
elaich of the hhp.            hhp-1999(c)
Email:  hhpat_private
Web:    http://hhp.hemp.net/
Phone:  713-451-6972
hhp-ms: hhp.hemp.net, port:7777, pass:hhp
-----------------------------------------

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.0 for non-commercial use <www.pgp.com>
mQGiBDcl8CwRBAD7xCp+A5ORiRzMLS4mPstL1aJadSCXSGyNKEZZ6kZwdO3YhLCf
2vkeJF0OGe8KRfd8LRxP0f/3syg7lfH77m0OP8NXeoOHD48T8K4Mabp2WEJmUW0r
J6op94LjFUwqNqYuOa+bVULrotZY6iWlxBWunltu9wrqgP22RVtKAu0PVwCg/2SS
rYoDCNTH4dlzNcVcza5XuhMEALbmuKISbjeOqsVETYYMdQfr0M/m1YfztjJ2tDS7
bGfOCFpQUFLyCUt/FHHmlInXQWUSVCgjkp0/giFoY9dX+4IB8wLgfu68BOZM5fft
I5mxI0vyBSke2kHQTqf3vQ5Yveg6gIB8WW9Pi+MAwLMS3+Hmrar+4GCUOqe9w3yi
u1q3BADcAM3VkORpkifjK8pWex1fdfvGmLBX5PBuCexl5dpeXdVC+Ktncis9u4yh
5f/PI/g/Uk4T2D/nF5PA4tSkNvRJaPVZCXjFRfc4K+rzQxuYRePwXFgaHSk9cDnd
XBq5JM6iXLBGFIJpbbwWkftuFOaJLXdP/DqDaXkjbWXLbH9nN7QhZWxhaWNoIG9m
IGhocC4gPGhocEBoaHAuaGVtcC5uZXQ+iQBLBBARAgALBQI3JfAsBAsDAgEACgkQ
bSmqkM1thIxvkQCeIEUYJTwF5nC+T9DUcUqStqpwtiQAoIzw9fqSB026Q+w0CGWe
BPX9LD5ruQINBDcl8DMQCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoB
p1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnh
V5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr
5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4
XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zaf
q9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICB/oCoABrcAodA+Qw
0QOzptm6arxtaRte4a6ZQs+N4Y63+S5oKBz4/atHGGIqgcxCUaaPCxfcqRMoz6Tw
ZhxOKe3/xKA+qPRfLP19P3nHcTLZqa/orvohDu235OQHBd5Mi6sr2MUcUL1WfsU7
fPZEjwu6d3MuXpjJUeFzNezJzIbXNzqFAVQawVH6lV+xGfqjD0zceGFGALvvGVxL
ANdmCzqjE1LFbqf1Zdd04lKYKSglX4PFz3Ly/jzi22GFxMuGf6ud4R80wUC0zBKO
RZHX3jPqjrqfbY9dq1vpBNDEugOYPqv3/lNlkoxUzKhJCZLPUcbQQs+BuNUUcRW9
dEkl71kuiQBGBBgRAgAGBQI3JfAzAAoJEG0pqpDNbYSMFgIAoMUE0SGIfqg0oj9e
oY9AHDAScmZtAKDgKF7STtRwB4KJ6/Q9HC3gUgGBbA==
=GJ0e
-----END PGP PUBLIC KEY BLOCK-----

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:50:25 PDT