[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

[SECURITY HOLE] mailx bug

To: ilugc@xxxxxxxxxxxxxxxxxx, linux-india-help@xxxxxxxxxxxxxxxxxxxxx
Subject: [SECURITY HOLE] mailx bug
From: "Ravikant K.Rao" <ravikant@xxxxxxxxxxxxxxx>
Date: Sun, 4 Jun 2000 19:57:34 +0530 (IST)
Reply-to: ilugc@xxxxxxxxxxxxxxxxxx
Sender: "Ravikant K.Rao" <ravi@xxxxxxxxxxxxxxxxx>
Sender: ilugc-bounce@xxxxxxxxxxxxxxxxxx

This hole in mailx drops you into a shell with mail group access
privileges. You can read/write/delete emails of any other user on the
box.

	-> http://packetstorm.securify.com/0005-exploits/mailx.c <-

	Found to:

	a) work on stock slink,potato,woody boxes.
	b) /supposedly/ works on slackware
	c) NOT work on $distribution + secure-Linux [ Check with
Debian ]

	Moral of the story, get secure-Linux.

	http://openwall.com/Linux

	Cheers.

								--ravi
-- 
Ravikant K.Rao : http://www.symonds.net/~ravi/
Primary Email  : <ravi@xxxxxxxxxxx> | PGP: 9544A4A1   GPG: 1024D/C2FC752D
---
Send e-mail to 'ilugc-request@xxxxxxxxxxxxxxxxxx' with 'unsubscribe' 
in either the subject or the body to unsubscribe from this list.

Prev by Subject: [SECURITY BUG] All 2.2.x kernels buggy except 2.2.16
Next by Subject: [SECURITY-Debian] New verion of dhcp released
Previous by thread: Re: Permission of /var/spool/mqueue
Next by thread: Permissions of /var/spool/mqueue
Index(es):
- Subject
- Thread