[Comm] bug in /bin/mail - buffer overrun
Mike Lykov
combr at vesna.ru
Wed Jun 4 07:57:06 MSD 2003
http://www.securityfocus.com/bid/7760/discussion/
A vulnerability has been discovered in the Linux /bin/mail utility. The
problem occurs when processing excessive data within the carbon copy field.
Due to insufficient bounds checking while parsing this information it may be
possible to trigger a buffer overrun.
An attacker could exploit this issue to execute arbitrary commands. It should
be noted that local exploitation may be inconsequential, however a malicious
e-mail message or CGI interface could be a sufficient conduit for remote
exploitation.
--
vulnerable:
RedHat Linux 9.0 i386
Slackware Linux 8.1
not vulnerable:
Slackware Linux 9.0
What about ALT Linux?
--
Mike