On Tue, 22 Jun 1999, Elaich Of Hhp wrote:

> A few months ago I found a bigger problem with the
> charset bug than imagined. With a uuencode/uudecode
> method in the charset, and an index.html of a site, it's
> possible to run any program/script wanted to on the remote
> system. When the email is read it launches lynx -source
> and grabs the index.html which is then uudecoded and run.
> This includes root and non-root users infected. Many big
> servers run pine, and having fingerd running, most of the
> time allows us complete access to get every username on the
> server, which then is simple to send the infected emails to
> each user.
> We have tested this on our own systems with full success.
> These operating systems include BSD, Linux, IRIX, AIX, SCO,
> and SunOS.
> I'm sure this will be fixed in the newer version along
> with the patch already made for the current version.
> hhp-pine.tar is available to download at our site,
> http://hhp.hemp.net/.
>
> The current pine 4.10 patch is available to download at
> http://www.geek-girl.com/bugtraq/1999_1/0532.html

Since this is a variant on the command-line-in-a-MIME-header exploit
that was described earlier, it is defanged by the procmail sanitizer.

--
 John Hardin KA7OHZ jhardinat_private
 pgpk -a finger://gonzo.wolfenet.com/jhardin
 PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
 Efficiency can magnify good, but it magnifies evil just as well. So,
 we should not be surprised to find that modern electronic
 communication magnifies stupidity as *efficiently* as it magnifies
 intelligence.
   -- Robert A. Matern
-----------------------------------------------------------------------
 76 days until 9/9/99
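A delivery-time check in the spirit of the defanging described above, added here as an example; it is not code from this thread or from the procmail sanitizer. It flags any MIME part whose `charset` parameter is not a plain charset name, using a conservative allowlist that is an assumption of this example (stricter than the RFC grammar); the sample message is constructed.

```python
import email
import re
from email.utils import collapse_rfc2231_value

# Assumed allowlist: letters, digits and a few separators, at most 40 chars.
# Deliberately stricter than the RFC token grammar, which still permits
# characters a shell would interpret.
SAFE_CHARSET = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._:+-]{0,39}$")


def suspicious_charsets(raw_message):
    """Return (content_type, charset) for every part with an unsafe charset."""
    msg = email.message_from_string(raw_message)
    findings = []
    for part in msg.walk():
        value = part.get_param("charset")  # None when the parameter is absent
        if value is None:
            continue
        # RFC 2231 encoded parameters arrive as a tuple; flatten to a string.
        charset = collapse_rfc2231_value(value)
        if not SAFE_CHARSET.match(charset):
            findings.append((part.get_content_type(), charset))
    return findings


# Constructed sample: one ordinary part and one part whose charset value
# carries extra text after a legitimate-looking name.
SAMPLE = (
    "From: sender@example.invalid\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain; charset=iso-8859-1\n"
    "\n"
    "hello\n"
    "--b1\n"
    'Content-Type: text/plain; charset="us-ascii;echo CONSTRUCTED"\n'
    "\n"
    "body\n"
    "--b1--\n"
)

if __name__ == "__main__":
    for ctype, charset in suspicious_charsets(SAMPLE):
        print(f"quarantine: {ctype} part has charset {charset!r}")
```

A mail filter would quarantine the message or rewrite the header when the returned list is non-empty, before the message reaches the mail client.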
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:50:59 PDT