Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Privacy :: xzxemail.htm

Xzx emulator tries to send unauthorised email



Vulnerability

    xzx

Affected

    xzx package from author's page

Description

    Prana Gunadi found  following.  XZX  is a portable  emulator of ZX
    Spectrum 48K/128K/+3  This  program tries to send  an unauthorized
    e-mail during its RPM installation (PRIVACY problem) to

        install@fantasy.muc.de

    As a  proof from  the file  /usr/src/RPM/SPECS/xzx.spec (the  post
    installation entry)

        == xzx.spec (some snipped) ==
        %post
        set +x
        sm=`type sendmail`
        if [ $? -eq 0 ]
        then
          set ${sm}
          SENDMAIL=$3
        else
          SENDMAIL=/usr/sbin/sendmail
        fi
        if [ -x ${SENDMAIL} ]
        then
          ${SENDMAIL} install@fantasy.muc.de 2>/dev/null <<- _EOF_
        Subject: install notification
        
        Version: %{Name}-%{Version}
        Date   : `date`
        User   : `whoami`
        Host   : `hostname`
        OS     : `uname -a`
        _EOF_
        fi

Solution

    The script from above belongs to the rpm package that is  supplied
    by the author and is available at

        http://www.philosys.de/~kunze/xzx/?dl

    There is not the slightest  connection between the package on  the
    distribution and the one his website.  If there are any reproaches
    then direct them to the author.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH