Pine's re-occuring nightmare (fwd)

jericho@DIMENSIONAL.COM
Mon, 01 Sep 1997 05:12:40 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: nomad@APOLLO.TOMCO.NET: "Re: Mac TCP/IP Stack glitch."
Previous message: jericho@DIMENSIONAL.COM: "Pine's re-occuring nightmare"

I guess I should have researched this a bit more. On top of 3.96 being
vulnerable, I have found a system with 3.95 that exhibits the same
behaviour. In that case, every version of Pine from 3.91 to 3.96 seems to
be vulnerable to this problem.

Perhaps a script that kills all user logins, and then runs PINE would do
the trick? :)

---------- Forwarded message ----------
Date: Mon, 1 Sep 1997 04:53:58 -0600 (MDT)
From: jericho@dimensional.com
To: Bugtraq <BUGTRAQ@NETSPACE.ORG>
Cc: pine-bugs@cac.washington.edu
Subject: Pine's re-occuring nightmare

(sorry if this has been posted.. i haven't seen anything about it yet)
(If memory serves, Sean @ Litterbox was the first to write up a problem
report and post it here.. his original 'advisory' covers this problem.
just sub in the new version number. :)

As we all know from past posts, Pine 3.91 - 3.94 had a problem where it
threw down a temporary file in /tmp that was based off its PID. The file
was mode 666 creating a symlink problem. 3.95 came out and fixed this
problem.

3.96 has the same thing. I have 3.96 running on a Linux (Slack 3.3) box,
and have verified it on a Sun 4.1.4 box as well. In both cases, the
temporary files were PID based, and mode 666 like before.

Guess this means every odd release will be more secure? :)

- Damien

Next message: nomad@APOLLO.TOMCO.NET: "Re: Mac TCP/IP Stack glitch."
Previous message: jericho@DIMENSIONAL.COM: "Pine's re-occuring nightmare"