[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : IRIX 3.3 & 3.31 /usr/sbin/Mail

Title: IRIX 3.3 & 3.31 /usr/sbin/Mail
Released by: CERT
Date: 31st October 1990
Printable version: Click here

Hash: SHA1


Last Revised: September 17,1997

                Attached Copyright statement

                              CERT Advisory

                              October 31, 1990

                       IRIX 3.3 & 3.31 /usr/sbin/Mail

- ---------------------------------------------------------------------------

The CERT/CC has received the following report of a vulnerability in

/usr/sbin/Mail, present only in IRIX 3.3 and 3.3.1.  This information was

provided to the CERT/CC by Robert Stephens, of Silicon Graphics Inc.

- ----------------------------------------------------------------------------


/usr/sbin/Mail can fail to reset its group id to the group id of the caller.



Can allow any user logged onto the system to read any other user's

(including root's) mail.


A fixed /usr/sbin/Mail binary has been made available for anonymous ftp

from SGI.COM ([]).  The correct binary can be found at:


under the ftp directory.

Note that this binary must be installed with the same group (mail) and

permissions (2755) as your existing 3.3 or 3.3.1 /usr/sbin/Mail.

- --------------------------------------------------------------------------


For further questions, please contact your Silicon Graphics support center

(Geometry Partners HOTLINE number: (800) 345-0222)

- --------------------------------------------------------------------------

Computer Emergency Response Team/Coordination Center (CERT/CC)

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.org

Telephone: 412-268-7090 24-hour hotline: CERT personnel answer

           7:30a.m.-6:00p.m. EST, on call for

           emergencies other hours.

Past advisories and other information are available for anonymous ftp

from cert.org (

- --------------------------------------------------------------------------

Copyright 1990 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.


Revision History

September 17,1997  Attached Copyright Statement


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.