In message <Pine.LNX.3.93.980119164955.9902A-100000at_private>, you write:
> Description:
> Due to lack of security checks there is a standard stack smashing problem.
> Local user can execute code as root.
>
> Let's see.

<descrip of exploit removed>

> Local exploit exists for that option. Note that MH isn't even configured.
> It's as the installation of RedHat 5.0 left it. Note also that MH is installed
> by default with RedHat 5.0.
>
> Solution: Uninstall this package or remove the suid-bit until patch becomes
> available.

How about: Remove suid bit from inc. Instead, use popclient to retrieve mail and procmail/rcvstore to deliver the messages into the MH mailboxes. This still allows users to use inc to suck in mbox format mailboxes. The popclient package is also installed by default with RedHat (at least it was with 4.2, I haven't installed 5.0 yet).

> MH also installs another suid-program: msgchk. It's also possible to get a
> Segmentation fault with the same option, but I haven't been able to exploit
> it. I have worked on it quite a few. Could someone probe it a little deeper??
>
> Greetings

--
Michael Parson
News Admin
SMART-NAP
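The mitigation discussed in this message (removing the suid bit from inc, with msgchk named as the other suid program MH installs), as an added shell example that is not part of the original message. The MH_BIN_DIR default is an assumed install path, so set it to wherever your distribution put the MH binaries.

```shell
#!/bin/sh
# Added example: audit and strip the set-uid bit from the MH binaries named
# in the thread (inc, msgchk). MH_BIN_DIR is an assumption, not a path taken
# from the message; override it for your system.
MH_BIN_DIR="${MH_BIN_DIR:-/usr/bin/mh}"

# strip_suid DIR NAME...
# For each NAME in DIR: report whether it is set-uid, clear the bit if so,
# and confirm that the bit is really gone. Prints one status line per file.
# Returns 0 if no listed file is left set-uid, 1 otherwise.
strip_suid() {
    dir=$1; shift
    rc=0
    for name in "$@"; do
        f="$dir/$name"
        if [ ! -f "$f" ]; then
            echo "skip     $f (not installed)"
            continue
        fi
        if [ -u "$f" ]; then
            if chmod u-s "$f" 2>/dev/null && [ ! -u "$f" ]; then
                echo "stripped $f"
            else
                echo "FAILED   $f (still set-uid; run as root?)"
                rc=1
            fi
        else
            echo "ok       $f (not set-uid)"
        fi
    done
    return $rc
}

# count_suid DIR: number of set-uid regular files still present in DIR,
# useful as a follow-up check after a package upgrade restores permissions.
count_suid() {
    find "$1" -maxdepth 1 -type f -perm -4000 | wc -l | tr -d ' '
}

# Only touch the real system when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    strip_suid "$MH_BIN_DIR" inc msgchk
fi
```

A package upgrade or reinstall can restore the original mode, so re-run the check after updating MH.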