BSD mailx 8.1.1-10 Buffer Overflow Vulnerability

Some Linux distributions ship with BSD mailx 8.1.1-10 (on Slackware 7.x it can be found as /usr/bin/Mail).

A vulnerability exists in the 'mail' program, part of the Berkeley mailx package. The 'mail' program contains a buffer overflow condition that is present when the -c parameter is used at the command line.

On systems where it is installed setgid, this vulnerability can be exploited to gain group 'mail' privileges.
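
A defender's check for the exposure condition described above, as an added example that is not part of the original advisory: it reports whether a mail binary carries the setgid bit and which group it would grant. Apart from /usr/bin/Mail, the candidate paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): audit mail client binaries for the
# setgid bit, the condition under which the -c overflow yields group privileges.

# is_setgid FILE: succeeds if FILE is a regular file with the setgid bit set.
# Both tests follow symlinks, so a Mail -> mail link is resolved.
is_setgid() {
    [ -f "$1" ] && [ -g "$1" ]
}

# audit_mailx FILE...: prints one line per existing candidate and
# returns 1 if at least one of them is setgid, 0 otherwise.
audit_mailx() {
    found=0
    for f in "$@"; do
        # Skip candidates that are not installed on this system.
        [ -e "$f" ] || continue
        if is_setgid "$f"; then
            # Field 4 of 'ls -l' output is the group owner.
            grp=$(ls -ldL "$f" | awk '{print $4}')
            echo "EXPOSED $f setgid group=$grp"
            found=1
        else
            echo "ok $f not setgid"
        fi
    done
    return $found
}

# /usr/bin/Mail is the Slackware 7.x path named in the advisory;
# the other two paths are assumed common locations.
audit_mailx /usr/bin/Mail /usr/bin/mail /bin/mail ||
    echo "review: a setgid mail binary was found; check its mailx version"
```

A line starting with EXPOSED marks a binary whose installed mailx version should be compared against the affected release.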


 

Copyright 2010, SecurityFocus