++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++WOBBLES+SECURITY+RESEARCH+TEAM+INCORPORATED+++++++++++++++++
ALERT! ALERT! INFORMATION LEAKAGE BUG IN SENDMAIL AND PINE!! ALERT! ALERT!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Hello daar WOBBLES fan! WOBBLES security RESEARCH bring you friend new
root vulnerability in Sendmail and PINE mail programs. Please don't blame
WOBBLES bad english for this advisory, because WOBBLES not listen if
you are jealous. WE all know that Theo de Raadt work for NSA covert
agent and HIS email WOBBLES do not disclose because of bad hackers!

Something WOBBLES have always wondered about is the different mail 
programs and why all the configuration files are so DIFFICULT. And
WOBBLES security professionals FIND it very annoying. WOBBLES suggest
people not to use all this funny PROGRAMS!

HERE is problem. If someone are running Sendmail THIS program secretly
adds his user name in every mail he sends! WOBBLES found this secret
information is encoded in MAIL headers that can be detected by skilled
hackers! Now your username can be stolen and used to guess your
password AND TO GET root on your machine!

Pine program is even worse, because is inserting secretly by default
your whole real name and information to From: header of every YOUR mail!
WOBBLES determines this INFORMATION is secretly taken from /etc/PASSWD
file.

EXPLOIT
*******

WOBBLES have provided a full working POC (proof of concept) exploit for
this problem so that you can BETTER understand it yourself!!! It requires
that you edit the sourcecode to make it work though hehehe so it
prevents some people from maliciously ABUSING it!  Here are the exploit!

----------------------------cute here-------------------------------------
#!/bin/sh

/usr/bin/clear
echo '[*] EXPLOIT FOR PINE          [*]'
echo '[*]    written by WOBBLES     [*]'
echo '[*] ABUSE IT AND YOU LOSE IT! [*]'
ls
echo
echo "NOW PLEASE MAIL YOUR VICTIM AT ADDRESS hackme@hackerz.com"
echo "THAT YOU WANT HER OR HIS PHOTO, HEHE."
whoami
read x
echo "NOW PLEASE WAIT FOR RE:"
id
read x
echo "NOW YOU HAVE REAL NAME!"
read x
true
echo "ENJOY WOBBLES EXPLOITZ!"

----------------------------now cut here---------------------------------