Re: Mail bug

["Thor" <thor () tech-center com>]

Hi


> Hi,
>
> I've discovered slightly odd behavour from /usr/bin/Mail on my Redhat 6.2
> box.  I don't really have the time to fiddle with this, so I'm hoping you
> guys can provide feedback as to if this is reproducable on other systems.
[...]
> echo -e \\x00 >/var/spool/mail/gossi
> mail
>
> (substituing gossi for your userid, obviously).  If it works, it should
> die.
[...]
> [gossi@owned gossi]$ mail
> Segmentation fault (core dumped)
>
> ---------
>
> So, roughly, the questions I can see are;
>
> a) can you reproduce it
> b) what OS/distro
> c) is Mail suid root?
> d) why is it doing this, and is it exploitable?

Debian potato 
mail is not suid 
Mail version 8.1 6/6/93.  
no core dumped

---
;---+---;
bye |
bye |hor


> Regards,
> Gossi The Dog.