[20048] in Athena Bugs


linux 9.0.19: nmh

daemon@ATHENA.MIT.EDU (Jerrad Pierce)
Thu Dec 6 00:35:38 2001

Message-Id: <200112060535.AAA19394@calloway.mit.edu>
To: bugs@MIT.EDU
Date: Thu, 06 Dec 2001 00:35:35 -0500
From: Jerrad Pierce <belg4mit@MIT.EDU>

System name:		calloway.mit.edu
Type and version:	i686 9.0.19
Display type:		XFree86 4.0.3 

Shell:			/bin/tcsh
Window manager:		/afs/athena/project/windowmgr/arch/@sys/bin/vtwm.gamma

What were you trying to do?

Nothing

What's wrong:
NMH has an exploitable hole:

	All versions of nmh prior to 1.0.3 (as
	well as MH) contained a vulnerability where
	incoming mail messages with carefully
	designed MIME headers could cause the
	mhshow command to execute arbitrary shell
	code. Though the authors of nmh are not
	aware of any exploits of this hole, MH users
	and users of older versions of nmh are strongly
	encouraged to upgrade to the current version.

What should have happened:
	Nothing

Please describe any relevant documentation references:
	http://www.mhost.com/nmh/

