Date: Thu, 11 Apr 2002 22:45:17 +0200
From: Nicolas Rachinsky <list@rachinsky.de>
To: security@FreeBSD.ORG
Subject: Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems
Message-ID: <20020411204516.GA51239@pc5.abc>
In-Reply-To: <4.3.2.7.2.20020411141011.030a0b80@nospam.lariat.org>
References: <4.3.2.7.2.20020411141011.030a0b80@nospam.lariat.org>

* Brett Glass <brett@lariat.org> [2002-04-11 14:12:01 -0600]:
> [This is a corrected version of the previous message, which omitted
> the word "isn't" near the beginning of the second paragraph.]
>
> The vulnerability described in the message below is a classic
> "in-band signalling" problem that may give an unauthorized user
> the ability to run an arbitrary command as root.
>
> Fortunately, the vulnerability isn't present in FreeBSD's daily, weekly,
> and monthly maintenance scripts, because they use sendmail rather
> than /bin/mail. Nonetheless, the same patch should be applied to
> FreeBSD's /bin/mail due to the possibility that other privileged
> utilities (or user-written scripts) might use /bin/mail instead of
> sendmail to create e-mail messages.

man mail says:

     -I    Forces mail to run in interactive mode even when input is not a
           terminal.  In particular, the `~' special character when sending
           mail is only active in interactive mode.
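
An added example, not part of the thread and not code from either poster: a heuristic audit that lists scripts calling mail(1) rather than sendmail and flags any that pass -I, which per the man page excerpt above turns the `~' escapes on even when input is not a terminal. The function names and the sample scripts are hypothetical and constructed for the dry run.

```shell
#!/bin/sh
# Added example: heuristic audit for scripts that hand data to mail(1)
# instead of sendmail. Not a parser; it matches one invocation per line.

# Print one line per mail(1) invocation found under directory $1:
#   FORCED-INTERACTIVE file:line:text   -I given, `~' escapes are active
#   REVIEW             file:line:text   no -I; safe only if the installed
#                                       mail ignores `~' on non-terminal input
audit_mail_callers() {
    find "$1" -type f | sort | while IFS= read -r f; do
        # mail, mailx, /bin/mail or /usr/bin/mail in command position;
        # "sendmail" does not match because the name must start at "mail".
        { grep -nE '(^|[;|&(])[[:space:]]*((/usr)?/bin/)?mailx?[[:space:]]' "$f" || true; } |
        while IFS= read -r hit; do
            if printf '%s\n' "$hit" |
               grep -qE 'mailx?([[:space:]]+[^;|&]*)?[[:space:]]-[A-Za-z]*I'; then
                printf 'FORCED-INTERACTIVE %s:%s\n' "$f" "$hit"
            else
                printf 'REVIEW %s:%s\n' "$f" "$hit"
            fi
        done
    done
}

# Constructed sample scripts (hypothetical names) so the audit runs offline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' \
        'df -h | mail -s "disk report" root' > "$d/report.sh"
    printf '%s\n' '#!/bin/sh' \
        'cat "$1" | /bin/mail -I -s "user submitted" root' > "$d/forward.sh"
    printf '%s\n' '#!/bin/sh' \
        'cat out.txt | sendmail -t' > "$d/daily.sh"
    printf '%s\n' "$d"
}

sample=$(make_sample_tree)
audit_mail_callers "$sample"
rm -rf "$sample"
```

To audit a real system, call audit_mail_callers on the directories that hold privileged scripts; every REVIEW line then needs a check of whether the installed /bin/mail carries the patch discussed in this thread.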