Title: IRIX 3.3 & 3.31 /usr/sbin/Mail
Released by: CERT
Date: 31st October 1990
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CA-90:08
Last Revised: September 17, 1997
Attached Copyright statement
CERT Advisory
October 31, 1990
IRIX 3.3 & 3.31 /usr/sbin/Mail
- ---------------------------------------------------------------------------
The CERT/CC has received the following report of a vulnerability in
/usr/sbin/Mail, present only in IRIX 3.3 and 3.3.1. This information was
provided to the CERT/CC by Robert Stephens, of Silicon Graphics Inc.
- ----------------------------------------------------------------------------
DESCRIPTION:
/usr/sbin/Mail can fail to reset its group id to the group id of the caller.
IMPACT:
Can allow any user logged onto the system to read any other user's
(including root's) mail.
SOLUTION:
A fixed /usr/sbin/Mail binary has been made available for anonymous ftp
from SGI.COM ([192.48.153.1]). The correct binary can be found at:
sgi/Mail/Mail
under the ftp directory.
Note that this binary must be installed with the same group (mail) and
permissions (2755) as your existing 3.3 or 3.3.1 /usr/sbin/Mail.
- --------------------------------------------------------------------------
CONTACT INFORMATION
For further questions, please contact your Silicon Graphics support center
(Geometry Partners HOTLINE number: (800) 345-0222)
- --------------------------------------------------------------------------
Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Internet E-mail: cert@cert.org
Telephone: 412-268-7090 24-hour hotline: CERT personnel answer 7:30a.m.-6:00p.m. EST, on call for emergencies other hours.
Past advisories and other information are available for anonymous ftp
from cert.org (192.88.209.5).
- --------------------------------------------------------------------------
Copyright 1990 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.
CERT is registered in the U.S. Patent and Trademark Office.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Revision History
September 17, 1997 Attached Copyright Statement
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBOBS8Nlr9kb5qlZHQEQLi3QCgoVHY9vfVKY6Ee0O5coW7gzg3frwAoLZ0
15S7IceE2Qt5jrUIAfDpCoVm
=fwfk
-----END PGP SIGNATURE-----
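
The DESCRIPTION in the advisory above concerns a setgid program that does not return to the caller's group. As an added illustration (generic POSIX C written for this page, not SGI's Mail source or its fix; the function name drop_setgid_privilege is hypothetical), this is how a program installed setgid, such as group mail with mode 2755, can give up that group permanently and confirm it cannot get it back:

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declare setregid()/setegid() under strict -std */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently return a setgid program (for example one
 * installed group "mail", mode 2755) to the invoking user's group.
 * Returns 0 on success, -1 if the group was not dropped or can be regained. */
int drop_setgid_privilege(void)
{
    gid_t real = getgid();   /* group of the user who ran the program */
    gid_t priv = getegid();  /* group granted by the setgid bit */

    /* setregid(real, real) replaces the real, effective AND saved gid.
     * For an unprivileged process, setgid(real) or setegid(real) would leave
     * the saved gid equal to priv, so the group could be switched back on. */
    if (setregid(real, real) != 0)
        return -1;

    /* Never assume the call worked: check the resulting ids. */
    if (getgid() != real || getegid() != real)
        return -1;

    /* The drop must be irreversible. This check is only meaningful for a
     * non-root process; root can always change its group ids. */
    if (priv != real && geteuid() != 0 && setegid(priv) == 0)
        return -1;

    return 0;
}

int main(void)
{
    /* Do the privileged work (opening the mail spool) first, then drop before
     * acting on anything the user controls: file names, shell escapes, pagers. */
    if (drop_setgid_privilege() != 0) {
        fprintf(stderr, "could not drop group privilege, refusing to continue\n");
        return 1;
    }
    printf("running with gid=%ld egid=%ld\n", (long)getgid(), (long)getegid());
    return 0;
}
```
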