[3190] in bugtraq
IRIX 5.3 and CA-96.19 - Vulnerability in expreserve?
daemon@ATHENA.MIT.EDU (Mike Kienenberger)
Sat Aug 17 20:03:39 1996
Date: Thu, 15 Aug 1996 18:43:22 -0800
Reply-To: mkienenb@arsc.edu
From: Mike Kienenberger <mkienenb@arsc.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199608151411.KAA01100@why.cert.org>
Re: CERT Advisory CA-96.19 - Vulnerability in expreserve
Anyone know what the exploit for this is and whether it applies to SGI's IRIX 5.3?
/usr/lib/expreserve uses system("/usr/bin/mail %s"), but using IFS shows
that mail isn't called with a group-id of sys as far as I can tell..
myhost% ls -l /usr/lib/expreserve
-rwxr-sr-x 1 root sys 18632 Jul 19 1995 /usr/lib/expreserve
I find the absense of a comment by SGI quite suspicious since they're quite
fast to post "we're not vulnerable" responses.
Thanks.
---
Mike Kienenberger Arctic Region Supercomputing Center
Systems Analyst (907) 474-6842
mkienenb@arsc.edu http://www.arsc.edu
