Solaris mailx Lockfile Denial Of Service Vulnerability
BID:2169
Info
| Bugtraq ID: | 2169 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 30 2000 12:00AM |
| Updated: | Dec 30 2000 12:00AM |
| Credit: | This vulnerability was announced by optyx <[email protected]> on December 30, 2000 via Bugtraq. |
| Vulnerable: | Sun Solaris 8_sparc, Sun Solaris 7.0, Sun Solaris 2.6 |
| Not Vulnerable: | |
Discussion
mailx is a Mail User Agent distributed with most UNIX Operating Systems. A problem exists with the implementation of mailx distributed with Solaris.
The problem involves lockfiles in the /var/mail directory. By default, the /var/mail directory is world-writable as deployed with the Solaris Operating Environment. If a file named $LOGNAME.lock is created in /var/mail and the mailx user cannot remove it, that user is denied service by mailx. A user with malicious intent can therefore deny service to any user of mailx.
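An administrator can check a spool for this condition with the following audit script. It is an added example, not part of the original advisory, and it assumes that a legitimate lockfile is owned by the account it is named after; the function names are hypothetical, and locks left by a delivery agent running as another account will also be listed and need manual review.

```shell
#!/bin/sh
# Added example: audit a mail spool directory for the lockfile condition
# described above. Usage: sh audit_spool.sh /var/mail

# Print "world-writable" or "restricted" for directory $1,
# based on the mode string reported by ls -ld (9th character = other-write).
spool_mode_status() {
    mode=$(ls -ld "$1" | awk '{print $1}')
    case "$mode" in
        d???????w*) echo "world-writable" ;;
        *)          echo "restricted" ;;
    esac
}

# List lockfiles in directory $1 whose owner is not the user the lock is
# named for. Assumption: a lock named alice.lock should be owned by alice.
# Output: one line per suspect file, "<file> owner=<owner> expected=<user>".
foreign_locks() {
    dir=$1
    for f in "$dir"/*.lock; do
        # Skip the literal pattern when the glob matched nothing.
        [ -e "$f" ] || [ -L "$f" ] || continue
        user=$(basename "$f" .lock)
        owner=$(ls -ld "$f" | awk '{print $3}')
        [ "$owner" = "$user" ] && continue
        echo "$f owner=$owner expected=$user"
    done
}

# Report directory permissions, then any lockfile a mailbox owner
# did not create and may be unable to remove.
audit_spool() {
    dir=$1
    echo "$dir: $(spool_mode_status "$dir")"
    foreign_locks "$dir"
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_spool "$1"
fi
```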
Exploit / POC
This exploit was contributed by optyx <[email protected]> :
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].