From: Justin Mason (jm at domain jmason.org)
Date: Tue 09 May 2000 - 13:46:08 IST
Paul Jakma said:
> > BTW Paul are you serious about older versions of pine running attached
> > shell scripts?? That's *so* broken.
>
> not quite as bad as that. :)
> but older versions of pine had a mime-parsing bug, which meant it was
> possible to get pine to run arbitrary shell commands by sending it the
> right mime-headers. :(
I remember that one. but that's not quite in the same boat as the
running-attached-shell-script issue...
automatically running attached shell script or vbs file = stupid stupid
mailreader
bug in MIME parsing = whoops! bad code, but not quite stupid
And that "UNIX virus" mail claimed "It contains (sic) of a so-called shell
script which, when executed [...]" rather than mentioning overflowing
buffers or exploiting a bug...
I agree that theoretically you could set up a UNIX mail virus, but without
a really really badly designed security model overall (viz Outlook and
Windows) it's not going to get very far if it has to rely on various
buffer overflows and bugs in a myriad of different mailreader versions to
get itself run.
> (wouldn't be surprised if similar bugs existed in other unix mail handlers
> that parsed mime).
yep, there was a buffer overflow if I recall correctly, found in nmh a
coupla months ago :( Of course a fix was released in a few days and all
the vendors have binaries for it on their websites.
--j.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:06:04 GMT