CA-90:08 CERT Advisory
October 31, 1990
IRIX 3.3 & 3.3.1 /usr/sbin/Mail

---------------------------------------------------------------------------

The CERT/CC has received the following report of a vulnerability in
/usr/sbin/Mail, present only in IRIX 3.3 and 3.3.1. This information was
provided to the CERT/CC by Robert Stephens, of Silicon Graphics Inc.

----------------------------------------------------------------------------

DESCRIPTION:
/usr/sbin/Mail can fail to reset its group id to the group id of the caller.

IMPACT:
Can allow any user logged onto the system to read any other user's
(including root's) mail.
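
The DESCRIPTION above names a failure to reset the group id to the caller's. As an added example (not SGI's code and not part of the advisory), this shows one way a set-group-ID program can give up its group privilege and confirm the change took effect. The function name drop_group_privilege is hypothetical, and a POSIX system with setregid() is assumed.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (name chosen for this example): give up the group
 * privilege a set-group-ID binary received at exec time, so that later
 * work runs with the caller's own group.
 * Returns 0 on success, -1 if the privilege is still held or recoverable.
 */
int drop_group_privilege(void)
{
    gid_t caller = getgid();      /* real gid: the invoking user's group */
    gid_t privileged = getegid(); /* effective gid: e.g. "mail" when setgid */

    /* Set real and effective gid to the caller's group. */
    if (setregid(caller, caller) != 0)
        return -1;

    /* Verify the result instead of trusting the return value alone. */
    if (getgid() != caller || getegid() != caller)
        return -1;

    /* The old group must not be recoverable (root can always switch
     * groups, so the check only applies to non-root callers). */
    if (privileged != caller && geteuid() != 0 && setegid(privileged) == 0)
        return -1;

    return 0;
}

int main(void)
{
    printf("before: rgid=%ld egid=%ld\n", (long)getgid(), (long)getegid());

    /* Fail closed: never act on the user's behalf while the
     * privileged group is still in effect. */
    if (drop_group_privilege() != 0) {
        fprintf(stderr, "could not reset group id, aborting\n");
        return EXIT_FAILURE;
    }

    printf("after:  rgid=%ld egid=%ld\n", (long)getgid(), (long)getegid());
    return EXIT_SUCCESS;
}
```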

SOLUTION:
A fixed /usr/sbin/Mail binary has been made available for anonymous ftp
from SGI.COM ([192.48.153.1]). The correct binary can be found at:

    sgi/Mail/Mail

under the ftp directory.

Note that this binary must be installed with the same group (mail) and
permissions (2755) as your existing 3.3 or 3.3.1 /usr/sbin/Mail.

--------------------------------------------------------------------------

CONTACT INFORMATION

For further questions, please contact your Silicon Graphics support center
(Geometry Partners HOTLINE number: (800) 345-0222)

--------------------------------------------------------------------------

Dan Farmer
Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.sei.cmu.edu
Telephone: 412-268-7090 24-hour hotline: CERT personnel answer
           7:30a.m.-6:00p.m. EST, on call for
           emergencies other hours.

Past advisories and other information are available for anonymous ftp
from cert.sei.cmu.edu (192.88.209.5).