[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Re: [Security] /usr/bin/Mail buffer overflow

Subject: [cobalt-security] Re: [Security] /usr/bin/Mail buffer overflow
From: Jeff Lovell <jlovell@xxxxxxx>
Date: Mon, 5 Mar 2001 10:17:27 -0800
Organization: Cobalt Networks, Inc.
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Sun, 04 Mar 2001, Gossi The Dog wrote:

> Its not a huge problem because it requires an account on the RaQ, but
> never-the-less will need patching at some point.

This exploit requires that /bin/mail be setuid or setgid.

/bin/mail ( /usr/bin/Mail is a symlink to it ) on our boxes are not 
shipped setuid or setgid like most other distributions that are
discussed in the Bugtraq thread.

Jeff
-- 
Jeff Lovell
Sun Microsystems
Server Appliance Business Unit

References:
- [cobalt-security] /usr/bin/Mail buffer overflow
  - From: Gossi The Dog

Prev by Date: Re: [cobalt-security] February Hack Update
Next by Date: Re: [cobalt-security] Re: [cobalt-users] BIND & ProFTPD
Previous by thread: [cobalt-security] /usr/bin/Mail buffer overflow
Next by thread: Re: [cobalt-security] /usr/bin/Mail buffer overflow

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index