[9412] in bugtraq
Re: remote exploit on pine 4.10 - neverending story?
daemon@ATHENA.MIT.EDU (Anton Chuvakin)
Mon Feb 8 13:03:37 1999
Date: Mon, 8 Feb 1999 10:31:08 -0500
Reply-To: Anton Chuvakin <chuvakia@PUBLIC.UG.CS.SUNYSB.EDU>
From: Anton Chuvakin <chuvakia@PUBLIC.UG.CS.SUNYSB.EDU>
X-To: Michal Zalewski <lcamtuf@IDS.PL>
To: BUGTRAQ@NETSPACE.ORG
Hi there!
I reproduced what you describe on my Pine 4.10.
Can anything be done right now (not from UWash side, but from user side)?
I will also email to UWash about it.
I looked at the source and can think of nothing to permanenly cure this as
of now. The pine doesn't even allow disabling MIME and attachements.
Can a private mailcap instead of /etc/mailcap be used (the pine config
implies this)? Can a pine treatment of MIME types be changed (OPTION:
mimetype-search-path in config implies so)?
Also, in config there is a [quote]
#----------------------------------------------------------------------
FEATURE: show-plain-text-internally
This feature modifies the method Pine uses to display Text/Plain MIME
attachments from the Attachment Index screen. Normally, the "View"
command searches for any externally defined (usually via the "Mailcap"
file) viewer, and displays the selected text within that viewer.
Enabling this feature causes Pine to ignore any external viewer settings
and always display text with Pine's internal viewer.
#---------------------------------------------------------------------
I just checked - it disables the destructive impact of the "feature" you
found (but this config option is available only in later Pines).
Hope this is useful,
Anton A. Chuvakin
http://www.sinc.sunysb.edu/Stu/achuvaki
-----------------------------------------------------------------------------
I doubt, therefore I might be.
-----------------------------------------------------------------------------
