Subject: Re: Pine Vulnerability
To: None <port-mac68k@netbsd.org>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: port-mac68k
Date: 11/24/1999 11:24:36
Just one more reason you should all use mutt.

;^>

       ~ g r @ eclipsed.net

On Tue, Nov 23, 1999 at 07:29:16PM +0100, T@W wrote:
> Passing on:
> 
> 10. Pine Environment Variable Expansion in URLS Vulnerability
> BugTraq ID: 810
> Remote: Yes
> Date Published: 1999-11-18
> Relevant URL: http://www.securityfocus.com/bid/810
> Summary:
> 
> When pine handles email formatted with or containing HTML, URLs which
> contain shell variables defined on the local machine where the client is
> running are expanded when followed.  This can cause many security
> problems, ranging from sending expanded variables to webservers in the
> form of CGI parameters (and then logged to collect information about the
> target) to possibly executing arbitrary commands on the target host
> through malicious email.  The following example was given by Jim Hebert
> <jhebert@jhebert.cx> in his post to BugTraq:
> 
> 
> echo 'setenv WWW www.securityfocus.com' >> .tcshrc
> source .tcshrc
> pine
> (view a link I mailed myself like: http://$WWW )
> it works, I visit securityfocus.
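
The behaviour described in the quoted advisory, as an added example that is not part of the original thread or of Pine's code: it contrasts handing a followed URL to a viewer through a re-parsed command string with passing it as a separate argument. The function names are hypothetical, `echo`/`printf` stand in for the URL viewer, and the assumption is that the client builds a shell command line for the viewer.

```shell
#!/bin/sh
# Added example; assumes the mail client launches an external URL viewer.

# Constructed sample input: the link text exactly as it arrives in a message.
URL='http://$WWW/'
# Variable defined on the reader's machine, as in the quoted example.
WWW=www.securityfocus.com
export WWW

# Weak pattern: the URL is pasted into a string that a shell parses again,
# so $WWW is expanded before the viewer sees it.
launch_weak() {
    sh -c "echo $1"
}

# Hardened pattern: the URL is passed as a separate argument ($1 of the
# inner shell) and is never interpreted as shell syntax.
launch_safe() {
    sh -c 'printf "%s\n" "$1"' viewer "$1"
}

# Defence in depth: accept only URLs made of an allow-listed character set,
# so '$', backquotes, ';', '|', quotes and whitespace are refused outright.
url_is_plain() {
    rest=$(printf '%s' "$1" | tr -d 'A-Za-z0-9:/?#@=+%._~,&-')
    [ -n "$1" ] && [ -z "$rest" ]
}

# Stand-alone demonstration.
printf 'weak : %s\n' "$(launch_weak "$URL")"
printf 'safe : %s\n' "$(launch_safe "$URL")"
if url_is_plain "$URL"; then
    printf 'check: accepted\n'
else
    printf 'check: rejected (shell metacharacter in URL)\n'
fi
```

The weak launcher reports the expanded host name, while the hardened one reports the literal `http://$WWW/` that was in the message.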