Date: Mon, 9 Apr 2001 06:31:31 -0500
Reply-To: Progeny Security Team <security@PROGENY.COM>
Sender: Bugtraq List
From: Progeny Security Team
Subject: PROGENY-SA-2001-03: mailx buffer overflow
---------------------------------------------------------------------------
PROGENY LINUX SYSTEMS -- SECURITY ADVISORY PROGENY-SA-2001-03
---------------------------------------------------------------------------
Topic: mailx buffer overflow
Category: mail
Module: mailx
Announced: 2001-04-09
Credits: Debian Security Team
Affects: Progeny Debian (mailx prior to 8.1.1-10.1.5progeny1)
Debian GNU/Linux (mailx prior to 8.1.1-10.1.5)
Vendor-Status: New Version Released (mailx_8.1.1-10.1.5progeny1)
Corrected: 2001-04-09
Progeny Only: NO
$Id: PROGENY-SA-2001-03,v 1.5 2001/04/09 08:39:58 csg Exp $
---------------------------------------------------------------------------
SYNOPSIS
A buffer overflow in mailx allows a local user to gain access to the
mail group.
PROBLEM DESCRIPTION
Mailx is a simple program to read and send e-mail. Mailx is installed
setgid mail on Progeny and Debian systems. A buffer overflow in mailx
allows for a local user to gain access to the mail group, which would
allow that user to read and write to other mail spools.
Debian resolved this problem by no longer shipping mailx setgid mail.
Progeny has decided to use Debian's fix. This means that on mail
systems that do not have world writable mail spools one will not be
able to properly lock one's mailbox.
IMPACT
Local users can compromise the privileges of the mail group.
SOLUTION
Upgrade to a fixed version of mailx. You may use Progeny's mailx package,
version mailx_8.1.1-10.1.5progeny1, for convenience.
WORKAROUND
1. If you do not have the suidmanager package (which supplies the
suidregister command) installed you can retrieve it by running the
following command. If you already have this package skip to the
second step of the workaround.
apt-get update && apt-get install suidmanager
2. Now you can manually apply this fix by running the following as root:
suidregister /usr/bin/mail root root 0755
UPDATING VIA APT-GET
1. Ensure that your /etc/apt/sources.list file has a URI for Progeny's
security update repository:
deb http://archive.progeny.com/progeny updates/newton/
2. Update your cache of available packages for apt(8).
Example:
# apt-get update
3. Using apt(8), install the new kernel package. apt(8) will download
the update, verify it's integrity with md5, and then install the
package on your system with dpkg(8).
Example:
# apt-get install mailx
UPDATING VIA DPKG
1. Using your preferred FTP/HTTP client to retrieve the following
updated files from Progeny's update archive at:
http://archive.progeny.com/pub/progeny/updates/newton/
Filename MD5 Checksum
------------------------------------ --------------------------------
mailx_8.1.1-10.1.5progeny1_i386.deb fe12bbc355688e9eeff853cf13ed7f58
Example:
# wget http://archive.progeny.com/pub/progeny/updates/newton/mailx_8.1.1-10.1.5progeny1_i386.deb
2. Use the md5sum command on the retrieved file to verify that it matches
the md5sum provided in this advisory:
Example:
# md5sum mailx_8.1.1-10.1.5progeny1_i386.deb
3. Then install the replacement package(s) using the dpkg command.
Example:
# dpkg --install mailx_8.1.1-10.1.5progeny1_i386.deb
MORE INFORMATION
There is no more information available at this time.
---------------------------------------------------------------------------
pub 1024D/F92D4D1F 2001-04-04 Progeny Security Team <security@progeny.com>