[15175] in Athena Bugs
Re: Ron Hoffmann: [pamurray@MIT.EDU: Re: CERT Advisory CA-97.14 - Vulnerability in metamail]
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Mon Jun 2 22:04:29 1997
Date: Mon, 2 Jun 1997 22:04:24 -0400 (EDT)
To: Bill Cattey <wdc@MIT.EDU>
Cc: Mike Barker <mbarker@MIT.EDU>, hoffmann@MIT.EDU, bugs@MIT.EDU,
network@MIT.EDU, pamurray@MIT.EDU
In-Reply-To: "[15174] in Athena Bugs"
From: Jonathon Weiss <jweiss@MIT.EDU>
This does not mean we're out of the woods yet.
/usr/andrew/bin/metamail is present. It was built with metamail 2.6, an
ancient version of metamail which probably has many gaping holes.
Luckily, the stuff in use from there is not widely used. At this point,
I strongly beg to differ. Since /usr/andrew/bin is in the default
user path, anyone who does not explicitly add some other mime to the
front of their path with "add -f" will get binaries from
/usr/anderw/bin.
I believe there is also a mime locker, but it is not supported by IS.
According to the README.athena file in the mime locker, the
maintainers are starflt and warlord.
--
Jonathon
