Bugtraq mailing list archives
Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)
From: christopher () SCHULTE ORG (Christopher Schulte)
Date: Sun, 4 Jun 2000 05:09:23 -0500
At 07:53 PM 6/2/00 -0300, you wrote:
/* * mail-slak.c (C) 2000 Paulo Ribeiro <prrar () nitnet com br> * * Exploit for /usr/bin/Mail. * Made specially for Slackware Linux 7.0.
Sifting through the changelogs and package logs, it looks like mailx was upgraded from 8.1.1-9 to 8.1.1-10 on August 20, 1999. This was after both the 3 and 4 series of slackware were released. Both slack 3.6.0 and 4.0.0 appear to use the same mailx binary (neither of which are susceptible to this). Slack 7.x however, is..... One possible solution (I did not test this!) is to download a non susceptible version package, such as: ftp://ftp.slackware.com/pub/slackware/slackware-4.0/slakware/n1/mailx.tgz Backup binary and config files, of course. You can uncompress the .tgz and see exactly what files will be overwritten; it may suffice to just cp the binary file itself. -- Christopher Schulte | christopher () schulte org cell:612.986.4859 | home:651.225.4557 | fax: 651.315.3339 page:612.264.1115 | free:877.271.9245 | site: schulte.org COMING SOON http://SchulteConsulting.COM/ reliable computer consulting at a fair price.
Current thread:
- Re: [rootshell.com] Xterm DoS Attack, (continued)
- Re: [rootshell.com] Xterm DoS Attack Walt (Jun 01)
- Re: [rootshell.com] Xterm DoS Attack Soeren Staun-Pedersen (Jun 02)
- Insecure encryption in PassWD v1.2 Daniel Roethlisberger (Jun 03)
- Re: [rootshell.com] Xterm DoS Attack Wakko Ellington Warner-Warner III (Jun 04)
- Linux-Mandrake Xlockmore security update Chmouel Boudjnah (Jun 04)
- Microsoft BackOffice component: adredir.asp Michal Zalewski (Jun 03)
- Re: [rootshell.com] Xterm DoS Attack Walt (Jun 01)
- Re: [rootshell.com] Xterm DoS Attack Darren Reed (Jun 02)
- Re: [rootshell.com] Xterm DoS Attack gavina () CSIS GVSU EDU (Jun 02)
- [Debian] Majordomo will be removed Aleph One (Jun 03)
- /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c) Paulo Ribeiro (Jun 02)
- Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c) Christopher Schulte (Jun 04)
- [Gael Duval <gduval () mandrakesoft com>] [Security Announce] cdrecord Chmouel Boudjnah (Jun 03)
- Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability Ussr Labs (Aug 01)
- Re: Remote DoS attack in Real Networks Real Server (Strike #2)Vulnerability Jeff Long (Jun 02)
- [JOLT2] Remote Denial of Service against Be/OS. visi0n (Jun 01)
- Re: Remote DoS attack in Real Networks Real Server (Strike #2)Vulnerability Jeff Long (Jun 02)
- Re: Remote DoS attack in Real Networks Real Server (Strike #2)Vulnerability Jeff Long (Jun 02)