[11882] in bugtraq
Re: elm filter program
daemon@ATHENA.MIT.EDU (Bill Pemberton)
Tue Sep 14 01:18:52 1999
Message-Id:  <199909131244.IAA21280@cthulhu.itc.Virginia.EDU>
Date:         Mon, 13 Sep 1999 08:44:00 -0400
Reply-To: Bill Pemberton <wfp5p@CTHULHU.ITC.VIRGINIA.EDU>
From: Bill Pemberton <wfp5p@CTHULHU.ITC.VIRGINIA.EDU>
X-To:         krasel@wpxx02.toxi.uni-wuerzburg.de
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <m11QD8m-0004SlC@wpxx02.toxi.uni-wuerzburg.de> from "Cornelius Krasel" at Sep 12, 1999 07:08:59 PM

Cornelius Krasel writes:
>
> "filter" is inherently unsafe. A bug was described in 1995 which
> allows reading email of anybody on the system. The description can be
> found in the BugTraq archives, I believe. I include the full message
> below. While it was written in 1995, it still works with the filter
> version of Elm 2.4ME+ PL35 (25) which is from 1997. (I don't know
> whether there are any more recent elm versions.)
>
Elm 2.4ME+ PL35 is not the official version of elm.  The official
version of elm is 2.5.2 and does not include the filter program.
--
Bill Pemberton  (Elm Coordinator)              wfp5p@virginia.edu
ITC/Unix Systems                               flash@virginia.edu
University of Virginia