Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_1

Bugtraq archives for 1st quarter (Jan-Mar) 1994: Re: Security problem in C news and INN

Re: Security problem in C news and INN

Robert Crowe (bobspeakez.com)
Sat, 26 Feb 1994 12:23:33 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Rafi Sadowsky: "Re: Security problem in C news and INN"
Previous message: Casper Dik: "Re: Security problem in C news and INN"
In reply to: Rafi Sadowsky: "Re: Security problem in C news and INN"
Next in thread: Rafi Sadowsky: "Re: Security problem in C news and INN"

In message <199402261422.AA03742tavor.openu.ac.il>, Rafi Sadowsky writes:
>Jeroen Scheerder wrote:
....
>now on BSD/386 for example /usr/bin/mail is the ucb one - which is probably
>where the hole comes from ?
>

I just tested it under NetBSD, which I would suppose also has the ucb one,
and the tilda escapes are *not* processed for non-interactive mailings.  I
feel this is also very likely the case with BSD/386 (I can't test that until
next week sometime).

>	Rafi
>-
>TAVOR-rafi (304)>/bin/mail -v usenet
>usenet... aliased to rafi
>Subject: test
>123
>
 ------------------------------------------Robert Crowe                                              bobspeakez.com
SpeakEasy Software,                                   (619) 576-4100 x101
8947-A Complex Drive                                San Diego, Ca.  92123
                           Fax:  (619) 576-4111

Next message: Rafi Sadowsky: "Re: Security problem in C news and INN"
Previous message: Casper Dik: "Re: Security problem in C news and INN"
In reply to: Rafi Sadowsky: "Re: Security problem in C news and INN"
Next in thread: Rafi Sadowsky: "Re: Security problem in C news and INN"