[6374] in bugtraq
Re: An exploit for linux mh ver 6.8.4-5 ( update ) ...
daemon@ATHENA.MIT.EDU (Miquel van Smoorenburg)
Sun Mar 22 15:10:37 1998
Date: Sat, 21 Mar 1998 22:55:31 +0100
Reply-To: Miquel van Smoorenburg <miquels@CISTRON.NL>
From: Miquel van Smoorenburg <miquels@CISTRON.NL>
To: BUGTRAQ@NETSPACE.ORG
In article <Pine.LNX.3.96.980321161207.2339A-100000@mercury.redhat.com>,
Erik Troan <ewt@REDHAT.COM> wrote:
>On Sat, 21 Mar 1998, Catalin Mitrofan wrote:
>
>> host (user):~>. .mh_profile
>> bash#
>
>Thanks for finding this -- I just put a fix on ftp.redhat.com.
I've tried this with the Debian mh_6.8.4-17 package, and nothing happens.
(It prints a lot of junk and then exits). Also, mh_check is installed setgid
mail, not setuid root.
Mike.
--
Miquel van Smoorenburg | Our vision is to speed up time,
miquels@cistron.nl | eventually eliminating it.
