Bugtraq mailing list archives
Re: vulnerability in mail.local
From: Nic Bellamy <nic () BELLAMY CO NZ>
Date: Thu, 2 Nov 2000 15:12:26 +1300
On Wed, 1 Nov 2000, gregory duchemin wrote:
mail.local is a little setuid root prog designed, like its name suggest, for local mail delivering.
[snip] The problem is not in mail.local at all, it's in 'mail' (/bin/mail, /usr/bin/mail or similar). When you attempt to reply to a message from <|/tmp/some@file>, 'mail' will attempt to send it via that program. The same problem can be seen in a simple fashion from the command line, eg. $ mail '|/usr/bin/id' Subject: test message testing . Cc: $ uid=1000(nic) gid=1000(nic) So, to summarise, you are not vulnerable unless you: (a) use /bin/mail to handle your email, and (b) reply to an email with a from address starting with '|'. Regards, Nic. -- Nic Bellamy <nic () bellamy co nz> IT Consultant, Asterisk Limited - http://www.asterisk.co.nz/ Ph: +64-9-360-0905 Fax: +64-9-360-0906 Mob: +64-21-360-905
Current thread:
- vulnerability in mail.local gregory duchemin (Nov 03)
- Re: vulnerability in mail.local Nic Bellamy (Nov 03)
- Re: vulnerability in mail.local Neil W Rickert (Nov 03)
- Re: vulnerability in mail.local Rogier Wolff (Nov 07)
- Re: vulnerability in mail.local bert hubert (Nov 07)
- Re: vulnerability in mail.local Robert Bihlmeyer (Nov 08)
- Re: vulnerability in mail.local Rogier Wolff (Nov 07)