[5038] in bugtraq
Re: Multiply bugs in MH-6.8.3 (Mail Handler program)
daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Jul 28 19:51:20 1997
Date: Mon, 28 Jul 1997 23:27:48 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: nolander@NOLANDER.PP.SE
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.970728213220.12203A-100000@nis.ml.org> from
"nolander@NOLANDER.PP.SE" at Jul 28, 97 09:47:27 pm
> ruserpass(host,&user,&pass); is found in msgchk.c, in checkremote() or
> something like that... meaning that the host aren't vulnerable if not
> configured.. this is from a system where mh was installed w/o being
Also that means ruserpass() from libc isnt being used which is probably
bad as most libc's have this fixed. (The hole above btw is in all the old
BSD derived libc's) but very very few current ones.
