> >> i just read this url
http://www.abraxis.co.uk/SA-2001-11-08.html
> >
> >> some of you might want to know
> >
> > If you insist on using YAM and AWNPIPE, there is a sort of fix. Rename
> > AWNPIPE in DEVS:DOSDrivers and change the name in any AWNPipe scripts you
> > run (stringer is handy for this).
> >
> > It's not a real fix, the insecurity is still there, but no one knows the
> > name of the pipe to send it too.
> >
> > This is a serious risk, it is possible to erase a hard drive partition
> > with this exploit.
> >
> >
> > Cheers
> >
> > Neil
>
> Neil, I checked devs:dosdrivers, and found a program called Pipe, is this
> the same thing? The only awnpipe on my system is L:awnpipe-handler. This
> is the case in my other machine too, also an independent install of 3.9.
> I don't have it in User-Startup either, as someone on the YAMML mentioned.
Mike
I don't know if Neil is on this list (his msg was posted to the AWNPipe list:)
but to answer.
if you do not have the AWNPIPE descriptor file in devs/dosdrivers then it is
only mounted when it is needed.
the URL that showed the risks mainly spoke about APIPE and only mentioned
AWNPipe but did not mention the normal ADos PIPE.
a better fix would be to make YAM (or whatever) check to see if AWNPipe: is
mounted and if it is un-mount it before using yam.
this could be done by using an ARexx command set as YAM's startup-script (or
before getting mail)
the following script should be either saved as a script file in REXX and called
from your prog or cut-n-pasted into an existing
startup-script
something like this...
-----snip------------
/* ARexx script run before yam... */
call addlib('rexxsupport.library',0,-30,0)
if showlist(h,'AWNPIPE') then do
address command
'assign AWNPIPE: dismount'
'assign AWNPIPE remove'
end
if showlist(h,'AWNPIPE') then say 'Error Removing AWNPipe: device'
-----snip------------
to explain the above script
rexxsupport.library is opened to use showlist()
showlist() checks if AWNPipe: is mounted.
if it is it tries to un-mount it.
then a final check to report if it's still mounted.
try to use something like this for (or as part of) any startup script for the
offending programs (YAM / StrICQ / ect)
BTW. Make sure no patches like MCP's AutoMount are set up to auto-mount AWNPipe:
the report mentioned ANY MUI internet prog so i guess it includes V and IB as
well ?
also the report mainly spoke of APIPE: the above script can be modified by
changing the references to AWNPipe: to whatever pipe you
want checked.
Hope this is usefull
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
Offline 
Send Email