|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)
From: Christopher Schulte (christopher
SCHULTE.ORG)Date: Sun Jun 04 2000 - 05:09:23 CDT
- Next message: Zac Cogswell: "Re: Netwin's Dmail package"
- Previous message: Luke Kenneth Casson Leighton: "anonymous SMBwriteX DoS"
- In reply to: Paulo Ribeiro: "/usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)"
- Reply: Christopher Schulte: "Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At 07:53 PM 6/2/00 -0300, you wrote:
>/*
> * mail-slak.c (C) 2000 Paulo Ribeiro <prrarnitnet.com.br>
> *
> * Exploit for /usr/bin/Mail.
> * Made specially for Slackware Linux 7.0.
Sifting through the changelogs and package logs, it looks like mailx was
upgraded from 8.1.1-9 to 8.1.1-10 on August 20, 1999. This was after both
the 3 and 4 series of slackware were released. Both slack 3.6.0 and 4.0.0
appear to use the same mailx binary (neither of which are susceptible to this).
Slack 7.x however, is.....
One possible solution (I did not test this!) is to download a non
susceptible version package, such as:
ftp://ftp.slackware.com/pub/slackware/slackware-4.0/slakware/n1/mailx.tgz
Backup binary and config files, of course. You can uncompress the .tgz and
see exactly what files will be overwritten; it may suffice to just cp the
binary file itself.
-- Christopher Schulte | christopherCOMING SOON http://SchulteConsulting.COM/ reliable computer consulting at a fair price.
- Next message: Zac Cogswell: "Re: Netwin's Dmail package"
- Previous message: Luke Kenneth Casson Leighton: "anonymous SMBwriteX DoS"
- In reply to: Paulo Ribeiro: "/usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)"
- Reply: Christopher Schulte: "Re: /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]