
Re: [cobalt-security] /usr/bin/Mail buffer overflow



-----Original Message-----
From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
Date: 03 March 2001 19:32
Subject: [cobalt-security] /usr/bin/Mail buffer overflow


>There's a buffer overflow on all Cobalt RaQs, most probably other Cobalt
>products also, in /usr/bin/Mail.

Given that all this achieves is crashing a program that runs under your own
user ID, where is the security risk?

Buffer overflows may allow you to execute arbitrary code, but as the
program runs as yourself (it is not setuid), you still can't run code as
another user, so it's not really much of an "exploit", is it?

Cheers
Stephen
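
The reply's argument turns on whether /usr/bin/Mail is setuid or setgid. The following is an added example, not part of the original thread: a shell check that classifies a binary from its `ls -ln` mode string and owner. The function names `classify` and `priv_boundary` and the output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: does executing FILE change the caller's effective IDs?
# classify MODE OWNER_UID GROUP_GID CALLER_UID prints one of:
#   no-boundary   no setuid/setgid bit; a flaw runs with the invoker's own IDs
#   setuid-self   setuid bit set, but the file owner is the invoking user
#   setuid:<uid>  setuid to a different user; a flaw crosses a privilege boundary
#   setgid:<gid>  setgid; the effective group changes on exec
classify() {
    mode=$1 owner=$2 group=$3 caller=$4
    # In an "ls -l" mode string, character 4 is s/S when the setuid bit is set
    case $mode in
        ???[sS]*) suid=1 ;;
        *)        suid=0 ;;
    esac
    # ...and character 7 is s/S when the setgid bit is set
    case $mode in
        ??????[sS]*) sgid=1 ;;
        *)           sgid=0 ;;
    esac
    if [ "$suid" = 1 ] && [ "$owner" != "$caller" ]; then
        echo "setuid:$owner"
    elif [ "$sgid" = 1 ]; then
        echo "setgid:$group"
    elif [ "$suid" = 1 ]; then
        echo "setuid-self"
    else
        echo "no-boundary"
    fi
}

# priv_boundary FILE: classify a real file for the current user.
priv_boundary() {
    [ -e "$1" ] || { echo "missing"; return 2; }
    # -n gives numeric owner/group; -L follows a symlink to the real binary
    ls -ldnL -- "$1" | {
        read -r mode links owner group rest
        classify "$mode" "$owner" "$group" "$(id -u)"
    }
}

# Path named in the thread; prints "missing" on systems that lack it.
priv_boundary /usr/bin/Mail || true
```
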