[Comm] ошибка в /bin/mail - buffer overrun

Mike Lykov =?iso-8859-1?q?combr_=CE=C1_vesna=2Eru?=
Ср Июн 4 07:57:06 MSD 2003


http://www.securityfocus.com/bid/7760/discussion/

A vulnerability has been discovered in the Linux /bin/mail utility. The 
problem occurs when processing excessive data within the carbon copy field. 
Due to insufficient bounds checking while parsing this information it may be 
possible to trigger a buffer overrun. 
 
An attacker could exploit this issue to execute arbitrary commands. It should 
be noted that local exploitation may be inconsequential, however a malicious 
e-mail message or CGI interface could be a sufficient conduit for remote 
exploitation.

-- vulnerable
RedHat Linux 9.0 i386
Slackware Linux 8.1

not vulnerable
Slackware Linux 9.0

А как насчет ALT Linux ? 

-- 
Mike



Подробная информация о списке рассылки community