Re: An exploit for linux mh ver 6.8.4-5 ( update ) ...
Miquel van Smoorenburg (miquels@CISTRON.NL)
Mon, 23 Mar 1998 13:16:46 +0100
In article <6f1d0j$8n9$1@defiant.cistron.nl>,
Miquel van Smoorenburg <miquels@CISTRON.NL> wrote:
>In article <Pine.LNX.3.96.980321161207.2339A-100000@mercury.redhat.com>,
>Erik Troan <ewt@REDHAT.COM> wrote:
>>On Sat, 21 Mar 1998, Catalin Mitrofan wrote:
>>
>>> host (user):~>. .mh_profile
>>> bash#
>>
>>Thanks for finding this -- I just put a fix on ftp.redhat.com.
>
>I've tried this with the Debian mh_6.8.4-17 package, and nothing happens.
>(It prints a lot of junk and then exits). Also, mh_check is installed setgid
>mail, not setuid root.
I have checked the source, and the RedHat fix. It appears that the Debian
mh_6.8.4-17 *is* vulnerable, but not with Catalin's exploit (would probably
work with some hacking).
I've placed a bugreport, and a patch, with severity "critical" into
Debian's bugsystem. There should be a fix soon.
Mike.
--
Miquel van Smoorenburg | Our vision is to speed up time,
miquels@cistron.nl | eventually eliminating it.