Date: Mon, 8 Feb 1999 13:28:13 -0500
From: "Terence C. Haddock" <thaddock@POBOXES.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: Patch for remote exploit of Pine 4.10
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.
--655616-1919804791-918497896=:10816
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine.LNX.4.10.9902081318221.10816@zifnab.lazerdye.com>
To apply, download and un-tar the pine 4.10 source. Copy the patch
into the pine4.10 directory. Change directory to the pine4.10 directory,
and run this command:
patch -p1 < pine4.10.patch
This patch fixes the hole in Zalewski's post, it modifies
mailcap.c. Pine quotes parameters sent to scripts with single quotes ('),
and correctly escapes single quotes within the parameter with the sequence
'\'' (quote, slash quote quote). My patch makes it also escape backquotes
(`), replacing them with the sequence '\`'. Here at the University, our
main system running Solaris with Pine 4.10 is unaffected, it does not have
a system-wide /etc/mailcap, but many RedHat systems we run were.
This patch was sent to UW this morning, I am in no way affiliated
with them. Hopefully they'll fix the main distribution and fix any other
similar holes pine may have (I only looked for this one).
Sincerely,
Terence C. Haddock
--655616-1919804791-918497896=:10816
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; NAME="pine4.10.patch"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.10.9902081318160.10816@zifnab.lazerdye.com>
Content-Description: Patch to Pine 4.10
Content-Disposition: ATTACHMENT; FILENAME="pine4.10.patch"
LS0tIHBpbmU0LjEwLm9yaWcvcGluZS9tYWlsY2FwLmMJV2VkIE5vdiAxOCAx
MzowMDoxNSAxOTk4DQorKysgcGluZTQuMTAvcGluZS9tYWlsY2FwLmMJTW9u
IEZlYiAgOCAwOToxNzo0NiAxOTk5DQpAQCAtOTA1LDE0ICs5MDUsMTggQEAN
CiAJCSAgICAgKiBoYXZlIHRvIHB1dCB0aG9zZSBvdXRzaWRlIG9mIHRoZSBz
aW5nbGUgcXVvdGVzLg0KIAkJICAgICAqIChUaGUgcGFybSsxMDAwIG5vbnNl
bnNlIGlzIHRvIHByb3RlY3QgYWdhaW5zdA0KIAkJICAgICAqIG1hbGljaW91
cyBtYWlsIHRyeWluZyB0byBvdmVybG93IG91ciBidWZmZXIuKQ0KKwkJCQkg
Kg0KKwkJCQkgKiBUQ0ggLSBDaGFuZ2UgMi84LzE5OTkNCisJCQkJICogQWxz
byBxdW90ZSB0aGUgYCBzbGFzaCB0byBwcmV2ZW50IGV4ZWN1dGlvbiBvZiBh
cmJpcnRyYXJ5IGNvZGUNCiAJCSAgICAgKi8NCiAJCSAgICBmb3IocCA9IHBh
cm07ICpwICYmIHAgPCBwYXJtKzEwMDA7IHArKyl7DQotCQkJaWYoKnAgPT0g
J1wnJyl7DQorCQkJaWYoKCpwID09ICdcJycpfHwoKnA9PSdgJykpeyANCiAJ
CQkgICAgKnRvKysgPSAnXCcnOyAgLyogY2xvc2luZyBxdW90ZSAqLw0KIAkJ
CSAgICAqdG8rKyA9ICdcXCc7DQotCQkJICAgICp0bysrID0gJ1wnJzsgIC8q
IGJlbG93IHdpbGwgYmUgb3BlbmluZyBxdW90ZSAqLw0KLQkJCX0NCi0JCQkq
dG8rKyA9ICpwOw0KKwkJCQkJKnRvKysgPSAqcDsgLyogcXVvdGVkIGNoYXJh
Y3RlciAqLw0KKwkJCSAgICAqdG8rKyA9ICdcJyc7ICAvKiBvcGVuaW5nIHF1
b3RlICovDQorCQkJfSBlbHNlDQorCQkJCSp0bysrID0gKnA7DQogCQkgICAg
fQ0KIA0KIAkJICAgIGZzX2dpdmUoKHZvaWQgKiopICZwYXJtKTsNCkBAIC05
NTQsNyArOTU4LDcgQEANCiAgICAgICovDQogICAgIGlmKCF1c2VkX3RtcF9m
aWxlICYmIHRtcF9maWxlKQ0KICAgICAgIHNwcmludGYodG8sIE1DX0FERF9U
TVAsIHRtcF9maWxlKTsNCi0NCisJCQ0KICAgICByZXR1cm4oY3B5c3RyKHRt
cF8yMGtfYnVmKSk7DQogfSANCiANCg==
--655616-1919804791-918497896=:10816--
