[3314] in bugtraq
Re: [BUG] Vulnerability in PINE
daemon@ATHENA.MIT.EDU (Rage-303 - dmP-386sx16)
Tue Sep 3 01:17:59 1996
Date: Sun, 1 Sep 1996 13:06:56 -0600
Reply-To: Rage-303 - dmP-386sx16 <rage@dimensional.com>
From: Rage-303 - dmP-386sx16 <rage@dimensional.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.LNX.3.91.960828170909.12030A-100000@andercheran.aiind.upv.es>
On Wed, 28 Aug 1996, Linux Mailing Lists wrote:
> > So it looks as though it is a <9.94 bug.
> 9.94??? You mean 3.94??
Yes, that is what I mean.
> I'm using PINE 3.95 on a Solaris 2.5, and it creates me the file :
> -rw-rw-rw- 1 root other 5 Aug 28 17:09 .18.2c55a
> in the /tmp directory when i run PINE when i have new mail. Seems
> vulnerable...
Its not. In PINE 3.94 and above pine will check to see if the lock file is
a symlink. If it is it will not create the lock file, and will notify you
of a the security problem.
