Bugtraq mailing list archives
Re: /usr/bin/Mail buffer 0verfl0w
From: Marcus Meissner <Marcus.Meissner () CALDERA DE>
Date: Mon, 5 Mar 2001 11:20:19 +0100
On Fri, Mar 02, 2001 at 08:08:15PM -0800, Blue Boar wrote:
> I noticed Caldera released a patch for mail today on Bugtraq. "This security fix closes Caldera's internal Problem Report 9327."
> http://www.securityfocus.com/archive/1/166232
> Quite the coincidence.
There is none actually. We reacted to the bug he reported. Our solution was just to drop the setgid mail bit, which we have been shipping /bin/mail with.
> Here's the vuln-dev thread:
> http://securityfocus.com/templates/archive.pike?fromthread=1&list=82&threads=1&mid=165918&end=2001-03-03&start=2001-02-25&
> Seems that perhaps SosPiro should have been mentioned. I realize that vuln-dev doesn't exactly give vendors advanced notice due to the way it works, but still...
I am sorry we missed giving credit this time.
Ciao, Marcus
--
 _____ ___
/ __/____/ / Caldera (Deutschland) GmbH
/ /_/ __ / /__ Naegelsbachstr. 49c, 91052 Erlangen
/_____//_/ /____/ Dipl. Inf. Marcus Meissner, email: mm () caldera de
==== /_____/ ====== phone: ++49 9131 7912-300, fax: ++49 9131 7192-399
Caldera OpenLinux