[EMAIL PROTECTED] (Ruud de Rooij) writes:
> Versions prior to 1.0.3 of the nmh package contained a vulnerability
> where incoming mail messages with carefully designed MIME headers could
> cause nmh's mhshow command to execute arbitrary shell code.
>
> This bug has been fixed in nmh 1.0.3 and we encourage you to upgrade
> immediately. The fixed package is available at
>
> ftp://ftp.mhost.com/pub/nmh/nmh-1.0.3.tar.gz
Note that MH (at least the latter versions with MIME support) also contains
this hole. MH users are also strongly encouraged to upgrade to nmh 1.0.3.
-----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
[EMAIL PROTECTED] | do not post this private email address
SpeedGate Communications, Inc. | to the USENET or WWW. Thank you.
