Re: [SECURITY] [DSA 076-1] New most packages available

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 076-1] New most packages available
From: Tim van Erven <tripudium@chello.nl>
Date: Wed, 19 Sep 2001 01:17:07 +0200
Message-id: <[🔎] 20010919011707.A15735@koan.dhs.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20010918172241.A19470@mp3revolution.net>
References: <20010918163640.K22176@finlandia.infodrom.north.de> <20010918155425.A18855@mp3revolution.net> <udlk7ywtdq0.fsf@multics.mit.edu> <[🔎] 20010918172241.A19470@mp3revolution.net>

On Tue, Sep 18, 2001 at 05:22:41PM -0400, Andres Salomon <dilinger@mp3revolution.net> wrote:

> On Tue, Sep 18, 2001 at 05:01:59PM -0400, Aaron M. Ucko wrote:
> > 
> > Andres Salomon <dilinger@mp3revolution.net> writes:
> > 
> > > How is this a remote exploit?  
> > 
> > If I know somebody uses most as a pager for mail, I can send him or
> > her a specially-formatted message which will do various nasty things
> > to his or her account.

> Aside from the fact that it's a pretty big IF; I'm not aware of too many
> mail clients that use pagers.  mutt uses vi, pine uses pico, X based MUAs
> certainly don't use most.. perhaps mail(x) or something similar use
> it, but that's not all too common.  Certainly not enough, IMO, to classify
> this as a remote exploit.

Mutt uses a builtin pager by default. An external pager can be
specified using the 'pager' variable in the muttrc file. You're
thinking of the editor.

-- 
Tim van Erven
tripudium@chello.nl
talerven@wins.uva.nl

Reply to:

References:
- Re: [SECURITY] [DSA 076-1] New most packages available
  - From: Andres Salomon <dilinger@mp3revolution.net>

Prev by Date: Re: [SECURITY] [DSA 076-1] New most packages available
Next by Date: Re: [SECURITY] [DSA 076-1] New most packages available
Previous by thread: Re: [SECURITY] [DSA 076-1] New most packages available
Next by thread: New IIS worm
Index(es):
- Date
- Thread