Date: Thu, 2 Nov 2000 17:00:34 +0200 From: Ruslan Ermilov <ru@FreeBSD.org> To: security@FreeBSD.org Subject: Re: vulnerability in mail.local (fwd) Message-ID: <20001102170034.A210@sunbay.com> In-Reply-To: <200011021428.eA2ESvl34243@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Thu, Nov 02, 2000 at 06:28:28AM -0800 References: <20001102092124.A57009@peitho.fxp.org> <200011021428.eA2ESvl34243@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 02, 2000 at 06:28:28AM -0800, Cy Schubert wrote: > > > > > Looks like we could be vulnerable too. > > > > mail.local(8) is not longer suid by default. > I would think that there is still a non-privileged user exploit. > Nope, you can't even exploit yourself if it's not setuid-root: # /usr/libexec/mail.local -l 220 foo.bar LMTP ready mail from:<|/tmp@foo.bar> 250 2.5.0 ok rcpt to:<ru> 250 2.1.5 ok data 354 go ahead Subject: test test . 451 4.3.0 lockmailbox /var/mail/ru failed; error code 75 ^C -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001102170034.A210>