Bugtraq mailing list archives

Re: /bin/mail Security Hole

From: casper () fwi uva nl (Casper Dik)
Date: Sat, 26 Nov 1994 12:46:59 +0100

  Above all, FIX THIS HOLE.  As to 8lgm, I definitely supported you in the 
past, but turning to security through obscurity this late in the game is a 
turn for the worse.  If you have written an exploit, make it public, or do 
NOT give it to anyone, not even your best friend's dog.  There's a lesson to be
learned that has been repeated throughout history:  give out copies to only
a few people, and the entire cracker community will get it.  Let's see a
little more "all or nothing" commitments from the security community.



A word of caution for people running this script: all mail incoming
between starting the script and ending it will be lost.  If you interrupt
the script, all of your mailbox is left in /tmp.

I think that you'll find that Sun's patch 100224-13 fixes this hole as well
as the race condition that existed when writing to /var/spool/mail.

There has not yet been a security bulletin on this patch.

I think the race is easier to win than this.  All you need is one shot.

Casper

Current thread:

/bin/mail Security Hole Nathan Lawson (Nov 26)
- Re: /bin/mail Security Hole Casper Dik (Nov 26)
- Re: /bin/mail Security Hole Neil Woods (Nov 26)
- [8lgm]-Advisory-8.UNIX.SunOS-kernel.11-Nov-1994 [8LGM] Security Team (Nov 27)
- [8lgm]-Advisory-9.UNIX.urestore.10-Feb-1993 [8LGM] Security Team (Nov 27)
- [8lgm]-Advisory-13.UNIX.SCO-login.15-Apr-1994 [8LGM] Security Team (Nov 27)