Re: An exploit for linux mh ver 6.8.4-5 ( update ) ...

Miquel van Smoorenburg (miquels@CISTRON.NL)
Mon, 23 Mar 1998 13:16:46 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: martin Dolphin: "Re: RAS 'save password' problems..."
Previous message: Rubens Kuhl Jr.: "Re: MS Personal Web Server"
Maybe in reply to: Catalin Mitrofan: "An exploit for linux mh ver 6.8.4-5 ( update ) ..."

In article <6f1d0j$8n9$1@defiant.cistron.nl>,
Miquel van Smoorenburg <miquels@CISTRON.NL> wrote:
>In article <Pine.LNX.3.96.980321161207.2339A-100000@mercury.redhat.com>,
>Erik Troan <ewt@REDHAT.COM> wrote:
>>On Sat, 21 Mar 1998, Catalin Mitrofan wrote:
>>
>>> host (user):~>. .mh_profile
>>> bash#
>>
>>Thanks for finding this -- I just put a fix on ftp.redhat.com.
>
>I've tried this with the Debian mh_6.8.4-17 package, and nothing happens.
>(It prints a lot of junk and then exits). Also, mh_check is installed setgid
>mail, not setuid root.

I have checked the source, and the RedHat fix. It appears that the Debian
mh_6.8.4-17 *is* vulnerable, but not with Catalin's exploit (would probably
work with some hacking).

I've placed a bugreport, and a patch, with severity "critical" into
Debian's bugsystem. There should be a fix soon.

Mike.

--
 Miquel van Smoorenburg | Our vision is to speed up time,
    miquels@cistron.nl  |   eventually eliminating it.

Next message: martin Dolphin: "Re: RAS 'save password' problems..."
Previous message: Rubens Kuhl Jr.: "Re: MS Personal Web Server"
Maybe in reply to: Catalin Mitrofan: "An exploit for linux mh ver 6.8.4-5 ( update ) ..."