[2874] in bugtraq
Solaris mailx hole
daemon@ATHENA.MIT.EDU (Marc Mosko/jfrank/us)
Tue Jul 2 00:06:52 1996
Date: Mon, 1 Jul 1996 23:57:09 +2000
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Marc Mosko/jfrank/us <Marc_Mosko@jfrank.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Today, someone told me that there's a security hold in Solaris 2.3's mailx
program. They didn't have all the details, but said that by creating a "temp"
file they could link to an ".rhosts" file and then rlogin as root on the target
machine. Somehow this involved mailx. This sound a bit like the race
condition hack for ps....
On my systems (Solaris 2.3) mailx is "r-x--s--x bin mail". The machines this
worked on were 2.5, but as I said I don't have any real details.
Has anyone heard of this?
Thanks,
Marc Mosko
