Mailx Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Mailx Buffer Overflow Vulnerability

Most Unix or Unix-like operating systems ship with command-line e-mail utilities. One of the popular packages used is BSD Mailx. The 'mail' program, a component of MailX contains a buffer overflow vulnerability that may be exploitable by local users. Since some systems install the mail program setgid 'mail', exploitation of this vulnerability can yield enhanced privileges for an attacker.