Bugtraq mailing list archives
Solaris mailx hole
From: Marc_Mosko () jfrank COM (Marc Mosko/jfrank/us)
Date: Mon, 1 Jul 1996 23:57:09 +2000
Today, someone told me that there's a security hole in Solaris 2.3's mailx program. They didn't have all the details, but said that by creating a "temp" file they could link to an ".rhosts" file and then rlogin as root on the target machine. Somehow this involved mailx. This sounds a bit like the race condition hack for ps....

On my systems (Solaris 2.3) mailx is "r-x--s--x bin mail". The machines this worked on were 2.5, but as I said I don't have any real details.

Has anyone heard of this?

Thanks,
Marc Mosko