Re: [SECURITY] [DSA 076-1] New most packages available

To: "Aaron M. Ucko" <amu@MIT.EDU>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 076-1] New most packages available
From: Andres Salomon <dilinger@mp3revolution.net>
Date: Tue, 18 Sep 2001 17:22:41 -0400
Message-id: <[🔎] 20010918172241.A19470@mp3revolution.net>
In-reply-to: <udlk7ywtdq0.fsf@multics.mit.edu>
References: <20010918163640.K22176@finlandia.infodrom.north.de> <20010918155425.A18855@mp3revolution.net> <udlk7ywtdq0.fsf@multics.mit.edu>

Aside from the fact that it's a pretty big IF; I'm not aware of too many
mail clients that use pagers.  mutt uses vi, pine uses pico, X based MUAs
certainly don't use most.. perhaps mail(x) or something similar use
it, but that's not all too common.  Certainly not enough, IMO, to classify
this as a remote exploit.

On Tue, Sep 18, 2001 at 05:01:59PM -0400, Aaron M. Ucko wrote:
> 
> Andres Salomon <dilinger@mp3revolution.net> writes:
> 
> > How is this a remote exploit?  
> 
> If I know somebody uses most as a pager for mail, I can send him or
> her a specially-formatted message which will do various nasty things
> to his or her account.
> 
> -- 
> Aaron M. Ucko, KB1CJC <amu@mit.edu> (finger amu@monk.mit.edu)
> 
> 

-- 
"Any OS is only as good as its admin, and you obviously suck."
	-- Ian Gulliver, http://orbz.org/mail/mansunix.txt

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 076-1] New most packages available
  - From: Craig Dickson <crdic@yahoo.com>
- Re: [SECURITY] [DSA 076-1] New most packages available
  - From: Micah Anderson <micah@riseup.net>
- Re: [SECURITY] [DSA 076-1] New most packages available
  - From: Tim van Erven <tripudium@chello.nl>

Prev by Date: Re: i am experincing intrusion attempts
Next by Date: New IIS worm
Previous by thread: Re: i am experincing intrusion attempts
Next by thread: Re: [SECURITY] [DSA 076-1] New most packages available
Index(es):
- Date
- Thread