[Previous] [Next] [Index]
[Thread]
Undeliverable Message
To: "World Wide Web Security" <WWW-SECURITY@ns2.rutgers.edu>
Cc:
Subject: Re: BoS: CERT Advisory CA-96.11 - Interpreters in CGI bin Dire
Message not delivered to recipients below. Press F1 for help with VNM
error codes.
VNM3043: Patrick Wong@IT@IM
VNM3043 -- MAILBOX IS FULL
The message cannot be delivered because the
recipient's mailbox contains the maximum number of
messages, as set by the system administrator. The
recipient must delete some messages before any
other messages can be delivered.
The maximum message limit for a user's mailbox is
10,000. The default message limit is 1000 messages.
Administrators can set message limits using the
Mailbox Settings function available in the
Manage User menu (MUSER).
When a user's mailbox reaches the limit, the
user must delete some of the messages before
the mailbox can accept any more incoming messages.
---------------------- Original Message Follows ---------------------------BEGIN PGP SIGNED MESSAGE-----
On 29 May 96 18:15:58 EDT David Kennedy <76702.3557@compuserve.com> wrote:
<snip>
> Further reading:
>
> Tom Christiansen has a Web page with details about this problem
> and a script that can be used to test for it:
> http://perl.com/perl/news/latro-announce.htm
>
> Lincoln Stein's WWW Security FAQ includes a section on "Problems
> with Specific Servers," which discusses this and related problems:
> http://www.genome.wi.mit.edu/WWW/faqs/www-security-faq.htm
>
It didn't sink in how serious the situation is, until going to the first link
at perl.com above.
To get everyone's attention as to HOW serious, the web page starts out,
``Urgent Security Announcement
How'd you like to let anyone anywhere run any program they feel like on your
system, even sending you new ones of their own devising? Sound frightening?
Well, that's what's going on out there.''
It goes on to describe the software culprit, a threat ``called latro, a
program anyone can use to run any program they feel like on any system so
unfortunate as to have ignored those warnings. If I hadn't written it,
someone else would have.''
There's a note with the assurance: ``This problem probably affects only
amateur machines: those running Microsoft or Apple operating systems.''
Although I find this reassuring, I'd still like to know if anyone on the
list as experienced an attack from latro or other mechanisms, and if so,
to please relay their experiences and solutions here. Thanks.
Gene
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMa9vd84N33uf66GRAQELLwQAlxqywHyOkIKGjWXAmFLq0KDlDTccwcQo
Z1kmVSy4a5NzHpJVjnisbSJZtLe3OonHRDh8GT7PbLKbu9S+iX91KaPDIx1bueKH
EpFryTcZZfVpY5j23MDTfPoAVjKF7ypIrvBho15AUSUZY3ONQBCYiPy5KMwZc8hQ
CcSMN2woiSM=
=s1TA
-----END PGP SIGNATURE-----
--
``Imagine if every Thursday your shoes exploded if you tied them
the usual way. This happens to us all the time with computers,
and nobody thinks of complaining.'' -Jeff Raskin
______ gene@cup.hp.com
/\__ _\ ingram@pubs.holosys.com
\/_/\ \/ ___ __ _ __ __ ___ ___
\ \ \ /' _ `\ /'_ `\/\`'__\/'__`\ /' __` __`\
\_\ \__/\ \/\ \/\ \L\ \ \ \//\ \L\.\_/\ \/\ \/\ \
/\_____\ \_\ \_\ \____ \ \_\\ \__/.\_\ \_\ \_\ \_\
\/_____/\/_/\/_/\/___L\ \/_/ \/__/\/_/\/_/\/_/\/_/
/\____/
________________________\_/__/____________________________________
PGP UserID: "Gene Ingram <gene@cup.hp.com>"
Key Size: 1024 bits; Creation date: 21 March 1996; KeyID: 9FEBA191
Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
--3D signature created courtesy of ``Figlet Ascii Font Converter''
<http://mediacube.datacom.de/cgi-bin/moniteurs/figlet>