Re: Multiply bugs in MH-6.8.3 (Mail Handler program)

Alan Cox (alan@LXORGUK.UKUU.ORG.UK)
Mon, 28 Jul 1997 23:27:48 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Sacerdote: "Re: SNI-16: INN News Server Security Advisory (fwd)"
Previous message: Isaac: "Sun CDE 1.0.1: login bug"
Maybe in reply to: Matt Conover: "Multiply bugs in MH-6.8.3 (Mail Handler program)"
Next in thread: Matt Conover: "Re: Multiply bugs in MH-6.8.3 (Mail Handler program)"

> ruserpass(host,&user,&pass); is found in msgchk.c, in checkremote() or
> something like that... meaning that the host aren't vulnerable if not
> configured.. this is from a system where mh was installed w/o being

Also that means ruserpass() from libc isnt being used which is probably
bad as most libc's have this fixed. (The hole above btw is in all the old
BSD derived libc's) but very very few current ones.

Next message: David Sacerdote: "Re: SNI-16: INN News Server Security Advisory (fwd)"
Previous message: Isaac: "Sun CDE 1.0.1: login bug"
Maybe in reply to: Matt Conover: "Multiply bugs in MH-6.8.3 (Mail Handler program)"
Next in thread: Matt Conover: "Re: Multiply bugs in MH-6.8.3 (Mail Handler program)"