SuidPerl Mail Shell Escape Vulnerability

Solution:
If you do not make use of suidperl, you can simply turn off the suid bit or remove the program altogether. Note: The patched version of /bin/mail provided by Red Hat restricts the environment variables that mail can inherit; unfortunately, they can still be set in ~/.mailrc with a "set interactive" line.
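
The following script is an added example, not part of the original advisory. It checks the two conditions described above: whether a given binary still has its setuid bit, and whether a .mailrc file contains a "set interactive" line. The function names are hypothetical, and every path is supplied by the caller as an argument (for instance the location of suidperl on your system and each user's ~/.mailrc).

```shell
#!/bin/sh
# Added example: audit helpers for the two points in the Solution text.
# File paths are supplied by the caller; none are taken from the advisory.

# has_suid FILE: true if FILE is a regular file with the set-user-ID bit on.
has_suid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# strip_suid FILE...: clear the setuid bit where it is set, leave the rest alone.
strip_suid() {
    for f in "$@"; do
        if has_suid "$f"; then
            chmod u-s "$f" && echo "cleared setuid: $f"
        fi
    done
}

# mailrc_sets_interactive FILE: true if an uncommented "set" line names the
# "interactive" variable (alone, with other variables, or with =value).
# Lines such as "set nointeractive" or "# set interactive" do not match.
mailrc_sets_interactive() {
    [ -r "$1" ] && grep -Eq \
        '^[[:space:]]*set[[:space:]]+(.*[[:space:]])?interactive([[:space:]=]|$)' "$1"
}

# report PATH...: print a finding per path; return 1 if anything was found.
report() {
    rc=0
    for p in "$@"; do
        case "$p" in
            */.mailrc|.mailrc)
                if mailrc_sets_interactive "$p"; then
                    echo "mailrc sets interactive: $p"; rc=1
                fi ;;
            *)
                if has_suid "$p"; then
                    echo "setuid bit set: $p"; rc=1
                fi ;;
        esac
    done
    return "$rc"
}

# Run the report only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```
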


RedHat mailx-8.1.1-10.i386.rpm

RedHat mailx-8.1.1-5.i386.rpm

RedHat perl-5.004m4-1.i386.rpm

RedHat perl-5.00503-10.i386.rpm

Larry Wall Perl 5.0 05_003

Larry Wall Perl 5.0 04_05

Larry Wall Perl 5.6


 

Copyright 2010, SecurityFocus