Re: /bin/mail Security Hole
Casper Dik (casper@fwi.uva.nl)
Sat, 26 Nov 1994 12:46:59 +0100
> Above all, FIX THIS HOLE. As to 8lgm, I definitely supported you in the
> past, but turning to security through obscurity this late in the game is a
> turn for the worse. If you have written an exploit, make it public, or do
> NOT give it to anyone, not even your best friend's dog. There's a lesson to be
> learned that has been repeated throughout history: give out copies to only
> a few people, and the entire cracker community will get it. Let's see a
> little more "all or nothing" commitments from the security community.
A word of caution for people running this script: all mail incoming
between starting the script and ending it will be lost. If you interrupt
the script, all of your mailbox is left in /tmp.

I think that you'll find that Sun's patch 100224-13 fixes this hole as well
as the race condition that existed when writing to /var/spool/mail.
There has not yet been a security bulletin on this patch.

I think the race is easier to win than this. All you need is one shot.

Casper