[1145] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Fix available for elm 2.4 filter security hole

daemon@ATHENA.MIT.EDU (jna)
Wed Sep 11 18:28:36 1996

Date: Tue, 10 Sep 1996 01:53:02 +0500
From: jna <jna@retina.net>
To: linux-security-digest@tarsier.cv.nrao.edu


I don't know if a patch has been made available for 
the security hole in ELM's filter (version 2.4PL25), 
but as of patch level 25, the bug still exists. 

Users can read the electronic mail of any user they choose  with a simple
exploit script (which has been published on the list before, so I won't
rehash it here again) 

Basically, I've written a simple, blanket (bleh!) fix for filter that
prevents filter from opening any symbolic links while it's running. 

If you know of a patch for filter that has fixed this already, let me know,
otherwise, if you need a copy of this patch, send me mail. :) 

--john

home help back first fref pref prev next nref lref last post