[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 076-1] New most packages available

On Tue, Sep 18, 2001 at 05:22:41PM -0400, Andres Salomon <dilinger@mp3revolution.net> wrote:

> On Tue, Sep 18, 2001 at 05:01:59PM -0400, Aaron M. Ucko wrote:
> > 
> > Andres Salomon <dilinger@mp3revolution.net> writes:
> > 
> > > How is this a remote exploit?  
> > 
> > If I know somebody uses most as a pager for mail, I can send him or
> > her a specially-formatted message which will do various nasty things
> > to his or her account.

> Aside from the fact that it's a pretty big IF; I'm not aware of too many
> mail clients that use pagers.  mutt uses vi, pine uses pico, X based MUAs
> certainly don't use most.. perhaps mail(x) or something similar use
> it, but that's not all too common.  Certainly not enough, IMO, to classify
> this as a remote exploit.

Mutt uses a builtin pager by default. An external pager can be
specified using the 'pager' variable in the muttrc file. You're
thinking of the editor.

Tim van Erven

Reply to: