Vacation Vulnerability

Lars Balker Rasmussen (lbr@mjolner.dk)
Wed, 22 Oct 1997 10:17:05 +0200

Secure Networks Inc. <sni@silence.secnet.com> wrote:
> Security Advisory
> September 1, 1997
>
> Vacation Vulnerability
>
>
> This advisory addresses a vulnerability in the vacation program which
> allows individuals to execute commands remotely on vulnerable systems.
>
> Vacation is used by the recipient of email messages to notify the sender
> that they are not currently reading their mail. This is installed by
> placing a .forward file into your directory containing a line as follows:
>
> \user, "|/usr/bin/vacation user"
[...]
> Solaris
>
> The version of vacation shipped with Solaris is vulnerable if a
> public domain version of sendmail, other than Solaris sendmail,
> has been installed on the system. Sun Microsystems will be
> issuing a solution to this problem in the near future.
>
> As a short term workaround, the vacation program can be disabled by
> changing the permissions as follows:
>
> # chmod -x /bin/vacation
[...]

It's been more than a month now. Does anyone know what Sun has done or
will do about the problem? Is there some alternative solution?

-- 
Lars Balker Rasmussen, Software Engineer, Mjolner Informatics ApS
lbr@mjolner.dk
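As an added example (not from this thread or the SNI advisory), a small POSIX shell audit that lists which users pipe mail into vacation through a .forward line of the form quoted above, and reports whether the advisory's workaround (clearing the execute bit on the vacation binary) is in place. The home-directory layout, the fixture paths and the user names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread or the SNI advisory: audit which users
# pipe mail into vacation via .forward and whether the advisory's workaround
# (clearing the execute bit on the vacation binary) is in place.

# Print "user:/path/to/vacation" for every $1/*/.forward that contains a
# pipe into a vacation binary, as in:  \user, "|/usr/bin/vacation user"
find_vacation_forwards() {
  for f in "$1"/*/.forward; do
    [ -f "$f" ] || continue
    user=$(basename "$(dirname "$f")")
    vac=$(sed -n 's/.*"|\([^ "]*vacation\)[^"]*".*/\1/p' "$f" | head -n 1)
    if [ -n "$vac" ]; then echo "$user:$vac"; fi
  done
}

# Exit 0 if the workaround holds (binary absent or not executable), else 1.
vacation_disabled() {
  [ -e "$1" ] || return 0
  [ ! -x "$1" ]
}

# Combine the two: one line per affected user, with the binary's state.
audit_forwards() {
  find_vacation_forwards "$1" | while IFS=: read -r user vac; do
    if vacation_disabled "$vac"; then echo "$user:$vac:disabled"
    else echo "$user:$vac:EXECUTABLE"; fi
  done
}

# Constructed fixture (sample data, not a real system): two home directories
# and a dummy executable standing in for /bin/vacation. Prints its root.
make_fixture() {
  root=$(mktemp -d)
  mkdir -p "$root/alice" "$root/bob" "$root/bin"
  : > "$root/bin/vacation"; chmod +x "$root/bin/vacation"
  printf '\\alice, "|%s/bin/vacation alice"\n' "$root" > "$root/alice/.forward"
  printf 'bob@example.invalid\n' > "$root/bob/.forward"
  echo "$root"
}

# Stand-alone run: audit before and after applying the advisory's chmod -x.
demo_root=$(make_fixture)
audit_forwards "$demo_root"          # alice:<root>/bin/vacation:EXECUTABLE
chmod -x "$demo_root/bin/vacation"
audit_forwards "$demo_root"          # alice:<root>/bin/vacation:disabled
rm -rf "$demo_root"
```

On a real host, point `audit_forwards` at the parent of the users' home directories (for example `/home` or `/export/home`) and pass the system's vacation path to `vacation_disabled`.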