Re: Security problem in C news and INN
Casper Dik (casper@fwi.uva.nl)
Sat, 26 Feb 94 12:16:20 +0100
- Next message: Robert Crowe: "Re: Security problem in C news and INN"
- Previous message: Rafi Sadowsky: "Re: Security problem in C news and INN"
- In reply to: Rafi Sadowsky: "Re: Security problem in C news and INN"
- Next in thread: Casper Dik: "Re: Security problem in C news and INN"
>in the performance release of C-news both /bin & /usr/bin precede
>/usr/ucb in the default path - so /bin/mail should be called rather than
>ucbMail (at least on SunOs 4 ) - so where is the problem ?
>

The problem was originally discovered for INN. INN insists on using
/usr/ucb/mail (BSDish systems) or /usr/bin/mailx (System V).
Apart from the name, Mailx is identical to ucbmail.

Apart from installing the INN sec patch (it consists of adding
sed -e 's/^~/~~/' to the mail command in the 7 affected scripts).

Disabling control altogether isn't necessary. Only control messages that
generate mail to the news user are harmful.

Another quick fix for INN is redefining the mailer program to a script
that does:

    #!/bin/sh
    # Double a leading '~' on each line so the mailer does not treat it as a tilde escape
    sed -e 's/^~/~~/' | /usr/bin/mailx "$@"

(Mailx should be replaced by /usr/ucb/mail if you have that)

The only tilde escapes I've seen so far have been signatures with ~ boxes.
One of these caused ``Unknown tilde escape'' in my logfiles, which made me
suspicious.

Casper
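An added example, not part of the message above or of the INN patch: the same sed filter wrapped so that it also counts and logs the leading-tilde lines it escapes, which gives the log trail the message describes. The `MAILER` variable, the `news-mail` log tag, the function names and the sample body are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: mailer wrapper that escapes and reports leading-tilde lines.
# MAILER and the "news-mail" log tag are assumptions, not INN settings.
MAILER=${MAILER:-/usr/bin/mailx}   # /usr/ucb/mail on BSD-style systems

# Double a leading '~' so mail/mailx sends a literal tilde instead of
# interpreting the line as a tilde escape.
escape_tildes() {
    sed -e 's/^~/~~/'
}

# Print how many lines of stdin start with '~' (prints 0 if none).
count_tilde_lines() {
    grep -c '^~' || true
}

# Read a message body on stdin, log when it carried leading tildes,
# then pass the escaped body to the mailer with the original arguments.
safe_mail() {
    tmp=$(mktemp) || return 1
    cat > "$tmp"
    n=$(count_tilde_lines < "$tmp")
    if [ "$n" -gt 0 ]; then
        logger -t news-mail "escaped $n leading-tilde line(s), mail to: $*" \
            2>/dev/null || true
    fi
    rc=0
    escape_tildes < "$tmp" | "$MAILER" "$@" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample body: a signature box drawn with tildes.
sample_body() {
    printf '%s\n' 'newgroup request' '~~~~~~~~' '~ sig  ~' '~~~~~~~~' \
        '~ constructed line starting with a tilde'
}

# Demo: show the escaped form of the sample on stdout (no mail is sent).
sample_body | escape_tildes
```

Only a tilde in the first column is doubled; tildes elsewhere in a line pass through unchanged.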