Bug 7178 - Pine: expanding env vars in URLs (from Bugtraq)
Status: CLOSED DUPLICATE of bug 3782
Product: Red Hat Linux
Classification: Retired
Component: pine
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Mike A. Harris
Keywords: Security
Reported: 1999-11-20 11:21 EST by peterw
Modified: 2008-05-01 11:37 EDT (History)
Doc Type: Bug Fix
Last Closed: 2000-02-03 13:37:11 EST

Description peterw 1999-11-20 11:21:51 EST
Pine automatically recognizes URLs in plaintext messages and makes them
hyperlinks that can launch/spawn Web browsers, typically Lynx. If a user
receives an email with a hyperlink that contains a "$", in the process of
launching the Web browser, the apparent variable will be expanded. This can
be used to trick users into running arbitrary commands with URLs like


(which requests "http://localhost/" and executes "cp /dev/null

This has been verified with pine-4.10-3 from Red Hat 6.1 (i386).

According to the bugtraq post, newer versions of Pine have fixed this

Comment 1 Elliot Lee 2000-02-03 13:37:59 EST
*** This bug has been marked as a duplicate of 3782 ***
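The expansion described in the report implies that the URL passed through a shell on its way to the browser. The following is an added example, not part of the original report and not Pine's code: it contrasts a launch that builds a shell command line with one that passes the URL as a single argv element. It assumes a POSIX system; `printf` stands in for the browser, and `view_via_shell`, `view_via_exec`, `DEMO_VAR` and the sample URL are constructed for illustration.

```c
/* Added example; function names, DEMO_VAR and the sample URL are constructed. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* UNSAFE: the URL is pasted into a command line that /bin/sh parses. */
int view_via_shell(const char *url, char *out, size_t n)
{
    char cmd[1024];
    FILE *fp;
    snprintf(cmd, sizeof cmd, "printf %%s %s", url); /* printf = stand-in viewer */
    if ((fp = popen(cmd, "r")) == NULL) return -1;
    out[fread(out, 1, n - 1, fp)] = '\0';
    return pclose(fp) == -1 ? -1 : 0;
}

/* SAFE: no shell involved; the URL is exactly one argv element. */
int view_via_exec(const char *url, char *out, size_t n)
{
    int fd[2], status;
    pid_t pid;
    FILE *fp;
    if (pipe(fd) == -1 || (pid = fork()) == -1) return -1;
    if (pid == 0) {                       /* child: stdout -> pipe */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execlp("printf", "printf", "%s", url, (char *)NULL);
        _exit(127);
    }
    close(fd[1]);
    if ((fp = fdopen(fd[0], "r")) == NULL) return -1;
    out[fread(out, 1, n - 1, fp)] = '\0';
    fclose(fp);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char a[256], b[256];
    const char *url = "http://localhost/$DEMO_VAR";  /* constructed sample */
    setenv("DEMO_VAR", "EXPANDED", 1);
    view_via_shell(url, a, sizeof a);
    view_via_exec(url, b, sizeof b);
    printf("shell: %s\nexec:  %s\n", a, b);
    return 0;
}
```

With the shell-based launch the viewer receives the URL with `$DEMO_VAR` already substituted; with the argv-based launch it receives the bytes exactly as they appeared in the message.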
