Bugtraq mailing list archives

IRIX 5.3 and CA-96.19 - Vulnerability in expreserve?


From: mkienenb () arsc edu (Mike Kienenberger)
Date: Thu, 15 Aug 1996 18:43:22 -0800


Re: CERT Advisory CA-96.19 - Vulnerability in expreserve

Anyone know what the exploit for this is and whether it applies to SGI's IRIX 5.3?
/usr/lib/expreserve uses system("/usr/bin/mail %s"), but using IFS shows
that mail isn't called with a group-id of sys as far as I can tell..

myhost% ls -l /usr/lib/expreserve
-rwxr-sr-x    1 root     sys        18632 Jul 19  1995 /usr/lib/expreserve

I find the absence of a comment by SGI quite suspicious since they're quite
fast to post "we're not vulnerable" responses.

Thanks.
---
Mike Kienenberger    Arctic Region Supercomputing Center
Systems Analyst      (907) 474-6842
mkienenb () arsc edu    http://www.arsc.edu
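Added example, not part of the original post and not code from expreserve, SGI or CERT: a sketch of how a set-id helper can send its notification without system(), so that the caller's IFS, PATH and other environment variables never reach a shell. The function names (recipient_ok, run_clean, notify), the environment values and the recipient character set are assumptions made for illustration; only the /usr/bin/mail path comes from the post.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the child: nothing is inherited from the caller,
   so IFS, PATH and similar variables cannot influence what runs. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Accept only short names from a conservative character set (assumed policy);
   a leading '-' is refused so the name cannot be parsed as an option. */
int recipient_ok(const char *user)
{
    size_t n = strlen(user);
    if (n == 0 || n > 32 || user[0] == '-')
        return 0;
    return strspn(user, "abcdefghijklmnopqrstuvwxyz"
                        "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-") == n;
}

/* Run prog directly (no shell) with argv and CLEAN_ENV.
   Returns the child's exit status, or -1 on failure. */
int run_clean(const char *prog, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Drop set-id privilege before exec: group first, then user. */
        if ((getegid() != getgid() && setgid(getgid()) != 0) ||
            (geteuid() != getuid() && setuid(getuid()) != 0))
            _exit(126);
        execve(prog, argv, CLEAN_ENV);
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Replacement for system("/usr/bin/mail %s"): the recipient is passed as
   one argv element and is never interpolated into a command string. */
int notify(const char *user)
{
    char *argv[] = { "mail", (char *)user, NULL };
    if (!recipient_ok(user))
        return -1;
    return run_clean("/usr/bin/mail", argv);
}
```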


