68 lines
2.1 KiB
Plaintext
68 lines
2.1 KiB
Plaintext
|
|
-----BEGIN PGP SIGNED MESSAGE-----
|
|
|
|
|
|
|
|
CA-90:08 CERT Advisory
|
|
October 31, 1990
|
|
IRIX 3.3 & 3.31 /usr/sbin/Mail
|
|
|
|
- ---------------------------------------------------------------------------
|
|
|
|
The CERT/CC has received the following report of a vulnerability in
|
|
/usr/sbin/Mail, present only in IRIX 3.3 and 3.3.1. This information was
|
|
provided to the CERT/CC by Robert Stephens, of Silicon Graphics Inc.
|
|
|
|
- ----------------------------------------------------------------------------
|
|
|
|
DESCRIPTION:
|
|
/usr/sbin/Mail can fail to reset its group id to the group id of the caller.
|
|
|
|
IMPACT:
|
|
Can allow any user logged onto the system to read any other user's
|
|
(including root's) mail.
|
|
|
|
SOLUTION:
|
|
A fixed /usr/sbin/Mail binary has been made available for anonymous ftp
|
|
from SGI.COM ([192.48.153.1]). The correct binary can be found at:
|
|
|
|
sgi/Mail/Mail
|
|
|
|
under the ftp directory.
|
|
|
|
Note that this binary must be installed with the same group (mail) and
|
|
permissions (2755) as your existing 3.3 or 3.3.1 /usr/sbin/Mail.
|
|
|
|
- --------------------------------------------------------------------------
|
|
|
|
CONTACT INFORMATION
|
|
|
|
For further questions, please contact your Silicon Graphics support center
|
|
(Geometry Partners HOTLINE number: (800) 345-0222)
|
|
|
|
- --------------------------------------------------------------------------
|
|
|
|
Computer Emergency Response Team/Coordination Center (CERT/CC)
|
|
Software Engineering Institute
|
|
Carnegie Mellon University
|
|
Pittsburgh, PA 15213-3890
|
|
|
|
Internet E-mail: cert@cert.org
|
|
Telephone: 412-268-7090 24-hour hotline: CERT personnel answer
|
|
7:30a.m.-6:00p.m. EST, on call for
|
|
emergencies other hours.
|
|
|
|
Past advisories and other information are available for anonymous ftp
|
|
from cert.org (192.88.209.5).
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: 2.6.2
|
|
|
|
iQCVAwUBMaMwi3VP+x0t4w7BAQFjMgQAiXFV+Dh5WiTIxFsE2uh0Ek9Ec164MCEa
|
|
HBB8bSXEy+cSP877mVu4w/1o1eQkNBBw1Wi8ExmNDb5FJgZt/d/vqhjtAf59SOwV
|
|
Is6/a+6GyfJFK2LySwlJ/zxajZBGzPov0P1Pd9WsyDg4yUW6rVZFKjb2IkWraUL4
|
|
P7jw2Hf2iuQ=
|
|
=vulZ
|
|
-----END PGP SIGNATURE-----
|
|
|