[2881] in bugtraq
Re: Solaris mailx hole
daemon@ATHENA.MIT.EDU (Dave Roberts)
Wed Jul 3 12:42:27 1996
Date: Wed, 3 Jul 1996 12:32:53 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Dave Roberts <djr@saa-cons.co.uk>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.SUN.3.91.960702005934.18788A-100000@bigdog.fred.net>
On Tue, 2 Jul 1996, Andy Dills wrote:
> It's a very very old hole in /bin/mail that allows race conditions in
> which .rhosts files can be created...
>
> I would have thought this was fixed by 2.5, but it wasn't. My boss just a
> few minutes ago exploited it on a sol2.5 machine.
Hmmm, dunno how he did that. I have 2.5 on an UltraServer1; I haven't
even got round to installing any patches yet - it's straight off the CD
(HW 1/96 edition), and the script didn't work at all.
I tried it about 10 times and failed to win the race condition every
time; the user targeted just received the mail.
Dave Roberts | "Surfing the Internet" is a sad term for sad people.
Unix Systems Admin | Get a board, find a beach, surf some REAL waves and
SAA Consultants Ltd | get a *real* life.
Plymouth, U.K. | -=[For PGP Key, send mail with subject of "get pgp"]=-