Vulnerability Note VU#446864

Sun Solaris mailx contains buffer overflow via -F option

Original Release date: 03 May 2001 | Last revised: 03 May 2001

Overview

A buffer overflow in the mailx program on Solaris systems can allow an intruder to execute code with the privileges of the mail group.

Description

A buffer overflow in the -F option of the mailx program on Solaris systems may allow an intruder to execute code with the privileges of the group of the owner of the file (i.e. mailx is setgid mail). An exploit is publicly available that reportedly works against Solaris on Intel systems.

Impact

A local intruder can execute code with the privileges of the mail group.

Solution

We are currently unaware of any patches to fix the buffer overflow.

Until a patch can be developed, remove the setgid bit from the mailx program.

Systems Affected (Learn More)

No information available. If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

  • None

Credit

This vulnerability was discovered by Pablo Sor, Buenos Aires, Argentina,and documented with the aid of the Security Focus Vulnerability Help Team.

This document was written by Shawn V. Hernan

Other Information

  • CVE IDs: Unknown
  • Date Public: 11 Apr 2001
  • Date First Published: 03 May 2001
  • Date Last Updated: 03 May 2001
  • Severity Metric: 14.55
  • Document Revision: 2

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.