IRIX mail Vulnerability
BID:1542
Info
| Bugtraq ID: | 1542 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 07 1997 12:00AM |
| Updated: | May 07 1997 12:00AM |
| Credit: | A similar problem was discussed in an advisory by SGI, which says "Several security vulnerabilities were discovered in mail(1)/rmail(1M) that allow any local user with access to mail(1) and rmail(1M) programs to access or modify any file that is owned by |
| Vulnerable: | SGI IRIX 6.5.1, SGI IRIX 6.5, SGI IRIX 6.4, SGI IRIX 6.3, SGI IRIX 6.2, SGI IRIX 5.3 |
| Not Vulnerable: | |
Discussion
The mail(1) program, also known as mail_att, is used to read or send email. A buffer overflow condition exists in the code that handles the LOGNAME environment variable. This could be exploited to elevate privileges.
Exploit / POC
An exploit has been made available.
Solution / Fix
Solution:
It is currently unclear whether the patches provided for the problems addressed in SGI advisory #19980604-01/02 fix this problem. Remove any sgid/suid bits on the mail program and apply the patches.