Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_1

Bugtraq archives for 1st quarter (Jan-Mar) 1994: Re: Security problem in C news and INN

Re: Security problem in C news and INN

Rafi Sadowsky (rafitavor.openu.ac.il)
Sun, 27 Feb 1994 08:54:53 +0200 (IST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: hoodrhoodr.slip.netcom.com: "Re: Security problem in C news and INN"
Previous message: Rafi Sadowsky: "Re: Security problem in C news and INN"
In reply to: Robert Crowe: "Re: Security problem in C news and INN"
Next in thread: hoodrhoodr.slip.netcom.com: "Re: Security problem in C news and INN"

Robert Crowe wrote:
>
> In message <199402261422.AA03742tavor.openu.ac.il>, Rafi Sadowsky writes:
> >Jeroen Scheerder wrote:
> ....
> >now on BSD/386 for example /usr/bin/mail is the ucb one - which is probably
> >where the hole comes from ?
> >
>
> I just tested it under NetBSD, which I would suppose also has the ucb one,
> and the tilda escapes are *not* processed for non-interactive mailings.  I
> feel this is also very likely the case with BSD/386 (I can't test that until
> next week sometime).
>
superficial testing indicates you're right

however Henry Spencer did say that on some systems it does happen
I'm glad I don't have any (I think :-)

	Rafi

Next message: hoodrhoodr.slip.netcom.com: "Re: Security problem in C news and INN"
Previous message: Rafi Sadowsky: "Re: Security problem in C news and INN"
In reply to: Robert Crowe: "Re: Security problem in C news and INN"
Next in thread: hoodrhoodr.slip.netcom.com: "Re: Security problem in C news and INN"