Date: Wed, 23 Jun 1999 15:42:55 -0400 (EDT) From: Chuck Robey <chuckr@picnic.mat.net> To: Igor Roshchin <igor@physics.uiuc.edu> Cc: imp@FreeBSD.ORG, ports@FreeBSD.ORG, pine@freebsd.ady.ro Subject: Re: hhp: Remote pine exploit. (fwd) Message-ID: <Pine.BSF.4.10.9906231541270.393-100000@picnic.mat.net> In-Reply-To: <199906231759.MAA26866@alecto.physics.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 23 Jun 1999, Igor Roshchin wrote: > > Hello! > > > FYI. (in case you haven't seen this advisory yet) > > Also: is pine 3.96 effected by this ? As with all the recent infamous MicroSoft exploits, they only work if you're innocent enough to have pine auto-start things for you. If you do that, you're asking to be hit. > > > Regards, > > Igor > > > Disclaimer: > I am not responsible for this message content, just forwarding.. > > > > ----- Forwarded message from Elaich Of Hhp ----- > > The hhp presents... > > The hhp-pine remote exploit advisory. > 6/22/99 > By: elaich of the hhp. > http://hhp.hemp.net/ > #---------------------------------------------------------# > > A few months ago I found a bigger problem with the > charset bug then imagined. With a uuencode/uudecode > method in the charset, and an index.html of a site, it's > possible to run any program/script wanted to on the remote > system. When the email is read it launches lynx -source > and grabs the index.html which is then uudecoded and ran. > This includes root and non-root users infected. Many big > servers run pine, and having fingerd running, most of the > time allows us complete access to get every username on the > server, which then is simple to send the infected emails to > each user. > We have tested this on our own systems with full success. > These operating systems include BSD, Linux, IRIX, AIX, SCO, > and SunOS. > I'm sure this will be fixed in the newer version along > with the patch already made for the current version. > hhp-pine.tar is available to download at our site, > http://hhp.hemp.net/. > > The current pine 4.10 patch is available to download at > http://www.geek-girl.com/bugtraq/1999_1/0532.html > > > Jobs/Probs/Bugs/Etc. -> hhp@hhp.hemp.net > #---------------------------------------------------------# > > -elaich > > ----------------------------------------- > elaich of the hhp. hhp-1999(c) > Email: hhp@hhp.hemp.net > Web: http://hhp.hemp.net/ > Phone: 713-451-6972 > hhp-ms: hhp.hemp.net, port:7777, pass:hhp > ----------------------------------------- > > -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: PGPfreeware 6.0 for non-commercial use <www.pgp.com> > mQGiBDcl8CwRBAD7xCp+A5ORiRzMLS4mPstL1aJadSCXSGyNKEZZ6kZwdO3YhLCf > 2vkeJF0OGe8KRfd8LRxP0f/3syg7lfH77m0OP8NXeoOHD48T8K4Mabp2WEJmUW0r > J6op94LjFUwqNqYuOa+bVULrotZY6iWlxBWunltu9wrqgP22RVtKAu0PVwCg/2SS > rYoDCNTH4dlzNcVcza5XuhMEALbmuKISbjeOqsVETYYMdQfr0M/m1YfztjJ2tDS7 > bGfOCFpQUFLyCUt/FHHmlInXQWUSVCgjkp0/giFoY9dX+4IB8wLgfu68BOZM5fft > I5mxI0vyBSke2kHQTqf3vQ5Yveg6gIB8WW9Pi+MAwLMS3+Hmrar+4GCUOqe9w3yi > u1q3BADcAM3VkORpkifjK8pWex1fdfvGmLBX5PBuCexl5dpeXdVC+Ktncis9u4yh > 5f/PI/g/Uk4T2D/nF5PA4tSkNvRJaPVZCXjFRfc4K+rzQxuYRePwXFgaHSk9cDnd > XBq5JM6iXLBGFIJpbbwWkftuFOaJLXdP/DqDaXkjbWXLbH9nN7QhZWxhaWNoIG9m > IGhocC4gPGhocEBoaHAuaGVtcC5uZXQ+iQBLBBARAgALBQI3JfAsBAsDAgEACgkQ > bSmqkM1thIxvkQCeIEUYJTwF5nC+T9DUcUqStqpwtiQAoIzw9fqSB026Q+w0CGWe > BPX9LD5ruQINBDcl8DMQCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoB > p1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnh > V5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr > 5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4 > XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zaf > q9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICB/oCoABrcAodA+Qw > 0QOzptm6arxtaRte4a6ZQs+N4Y63+S5oKBz4/atHGGIqgcxCUaaPCxfcqRMoz6Tw > ZhxOKe3/xKA+qPRfLP19P3nHcTLZqa/orvohDu235OQHBd5Mi6sr2MUcUL1WfsU7 > fPZEjwu6d3MuXpjJUeFzNezJzIbXNzqFAVQawVH6lV+xGfqjD0zceGFGALvvGVxL > ANdmCzqjE1LFbqf1Zdd04lKYKSglX4PFz3Ly/jzi22GFxMuGf6ud4R80wUC0zBKO > RZHX3jPqjrqfbY9dq1vpBNDEugOYPqv3/lNlkoxUzKhJCZLPUcbQQs+BuNUUcRW9 > dEkl71kuiQBGBBgRAgAGBQI3JfAzAAoJEG0pqpDNbYSMFgIAoMUE0SGIfqg0oj9e > oY9AHDAScmZtAKDgKF7STtRwB4KJ6/Q9HC3gUgGBbA== > =GJ0e > -----END PGP PUBLIC KEY BLOCK----- > > ----- End of forwarded message from Elaich Of Hhp ----- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ports" in the body of the message > ----------------------------+----------------------------------------------- Chuck Robey | Interests include any kind of voice or data chuckr@picnic.mat.net | communications topic, C programming, and Unix. 213 Lakeside Drive Apt T-1 | Greenbelt, MD 20770 | I run picnic and jaunt, both FreeBSD-current. (301) 220-2114 | ----------------------------+----------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9906231541270.393-100000>