Bugtraq mailing list archives
security problem w/ smail
From: jwa () pine cse nau edu (james w abendschan)
Date: Tue, 27 Sep 1994 10:26:28 -0700
I've discovered a bug in smail 3.1.28.1 -- it allows any local user to read any file. A quick way to fix this is to put -smtp_debug in your smail config. I'll post an exploit script after a couple of days -- enough time hopefully for people to take some action. I've also tried to contact the makers of smail, but the only address I have [smail-bugs () veritas com] bounces. Anyone who has a more accurate address, please mail me with it. FYI, many linux distributions ship with smail 3.1.28.1. James -- James Abendschan jwa () pine cse nau edu change for the machines
Current thread:
- Re: Security Info (root broken), (continued)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Casper Dik (Sep 29)
- Re: Security Info (root broken) Timothy Newsham (Sep 29)
- Old sendmail bugs Michael Neuman (Sep 29)
- Re: Security Info (root broken) Karl Strickland (Sep 29)
- Re: Security Info (root broken) Christopher Klaus (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Pug (Sep 29)
- Re: Security Info (root broken) Neil Woods (Sep 29)
- IBM AIX rlogin fix jim () Tadpole COM (Sep 28)
- security problem w/ smail james w abendschan (Sep 27)