[cobalt-security] Re: [Security] /usr/bin/Mail buffer overflow
- Subject: [cobalt-security] Re: [Security] /usr/bin/Mail buffer overflow
- From: Jeff Lovell <jlovell@xxxxxxx>
- Date: Mon, 5 Mar 2001 10:17:27 -0800
- Organization: Cobalt Networks, Inc.
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sun, 04 Mar 2001, Gossi The Dog wrote:
> It's not a huge problem because it requires an account on the RaQ, but
> nevertheless will need patching at some point.
This exploit requires that /bin/mail be setuid or setgid.
/bin/mail (/usr/bin/Mail is a symlink to it) on our boxes is not
shipped setuid or setgid like most other distributions that are
discussed in the Bugtraq thread.
Jeff
--
Jeff Lovell
Sun Microsystems
Server Appliance Business Unit
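
The precondition named in the message above (a setuid or setgid mail binary, reached through the /usr/bin/Mail symlink) can be checked on a host with a short script. This is an added example, not part of the original message or of any Cobalt tooling; the function names `suid_status` and `audit_mailers` are hypothetical, and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# Added example: report whether a binary, followed through symlinks,
# carries the setuid/setgid bits the message names as the precondition.

# suid_status PATH
#   prints: setuid | setgid | setuid+setgid | none | missing
#   returns: 0 = no privileged bits, 1 = privileged bits set, 2 = not found
suid_status() {
    path=$1
    # Resolve symlinks so that /usr/bin/Mail is reported as the real file.
    target=$(readlink -f -- "$path" 2>/dev/null) || target=
    if [ -z "$target" ] || [ ! -f "$target" ]; then
        echo "missing"
        return 2
    fi
    bits=
    if [ -u "$target" ]; then
        bits="setuid"
    fi
    if [ -g "$target" ]; then
        bits="${bits:+$bits+}setgid"
    fi
    echo "${bits:-none}"
    [ -z "$bits" ]
}

# audit_mailers: check the two paths mentioned in the thread.
audit_mailers() {
    for p in /bin/mail /usr/bin/Mail; do
        printf '%s: %s\n' "$p" "$(suid_status "$p")"
    done
}

audit_mailers
```

A result of `none` for both paths matches the configuration described in the message.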