SunOS mail HOME Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in the /usr/bin/mail included with SunOS 5.8 for x86.

The overflow occurs when a string exceeding approximately 1100 characters is given as the HOME environment variable. Because the mail program is installed setgid mail by default, it may be possible for local users to execute arbitrary code/commands with these privileges.


 

Privacy Statement
Copyright 2010, SecurityFocus