SuidPerl Mail Shell Escape Vulnerability

If you do not make use of suidperl, you can simply turn off the suid bit or remove the program altogether. Note: The patched version of /bin/mail provided by Red Hat restricts the environment variables that mail can inherit; unfortunately, they can still be set in ~/.mailrc with a "set interactive" line.

Redhat mailx-8.1.1-10.i386.rpm

Redhat mailx-8.1.1-5.i386.rpm

Redhat perl-5.004m4-1.i386.rpm

Redhat perl-5.00503-10.i386.rpm

Larry Wall Perl 5.0 05_003

Larry Wall Perl 5.0 04_05

Larry Wall Perl 5.6
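The mitigation described above (turning off the suid bit, and checking mailrc files for a "set interactive" line) can be scripted as follows. This is an added example, not part of the original advisory; the file-name patterns suidperl and sperl*, and the directories and mailrc paths passed in, are assumptions about the local install.

```shell
#!/bin/sh
# Added example, not from the advisory. The file-name patterns (suidperl,
# sperl*) and the directories you pass in are assumptions about the install.

# List regular files under the given directories that are named like
# suidperl and still carry the set-uid bit.
find_suid_perl() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \( -name 'suidperl' -o -name 'sperl*' \) \
            -perm -4000 -print 2>/dev/null
    done
}

# Turn off the set-uid bit on every match and report each file changed.
strip_suid_perl() {
    find_suid_perl "$@" | while IFS= read -r f; do
        chmod u-s "$f" && printf 'set-uid removed: %s\n' "$f"
    done
}

# Print the mailrc files (paths given as arguments) that contain a
# "set interactive" line, the setting the advisory warns about.
mailrc_sets_interactive() {
    for rc in "$@"; do
        [ -f "$rc" ] || continue
        grep -l -E '^[[:space:]]*set[[:space:]]+interactive' "$rc" || true
    done
}

# Usage when run as a script:  sh audit.sh audit|fix DIR...
case "${1:-}" in
    audit) shift; find_suid_perl "$@" ;;
    fix)   shift; strip_suid_perl "$@" ;;
esac
```

Run the audit mode first and review the list before using fix, since removing the bit disables any set-uid Perl scripts that depend on it.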


