Vulnerability Note VU#17215
SGI systems may execute commands embedded in mail messages
Some SGI systems produced circa 1998 allowed an intruder to send mail that would execute commands when the reader opened the message.
On some SGI systems, Netscape is bundled with IRIX 6.3 and 6.4 and is used as the default web browser and mail reader. On these systems, the mailcap file has been extended to include the line
application/x-sgi-exec; /usr/sysadm/bin/runexec %s; \
Although this description necessarily mentions Netscape Communicator, the vulnerability does not lie with Communicator. Any program that obeys the mailcap file, including metamail and programs that use metamail to provide MIME functionality, can be used to exploit this vulnerability. Netscape is mentioned because vulnerable systems ship with Netscape installed as the default mail reader and web browser.
Intruders may be able to execute arbitrary commands on vulnerable systems by inducing a victim to read appropriately crafted email messages and web pages. If privileged users use a vulnerable mail system to read a mail, an intruder may be able to gain root access.
Modify the mailcap file to remove the runexec and runtask associations.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|SGI||Affected||-||13 Apr 2001|
CVSS Metrics (Learn More)
Our thanks to Karl Stiefvater who reported this vulnerability to us.
This document was written by Shawn V. Hernan.
- CVE IDs: Unknown
- Date Public: 02 Apr 98
- Date First Published: 13 Apr 2001
- Date Last Updated: 10 Aug 2001
- Severity Metric: 65.81
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.