Date: Fri, 2 Mar 2001 11:58:48 -0700
From: Caldera Support Info sup-info@LOCUTUS4.CALDERASYSTEMS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Security Update: buffer overflow in /bin/mail
CSSA-2001-010.0
Caldera Systems, Inc. Security Advisory
Subject: buffer overflow in /bin/mail
Advisory number: CSSA-2001-010.0
Issue date: 2001 March, 3
Cross reference:
1. Problem Description
There is a buffer overflow in /bin/mail which allows a local
attacker to read, modify and delete mails of other users on the
system.
2. Vulnerable Versions
System Package
OpenLinux 2.3 All packages previous to
mailx-8.1.1-12OL
OpenLinux eServer 2.3.1 All packages previous to
and OpenLinux eBuilder mailx-8.1.1-12
OpenLinux eDesktop 2.4 All packages previous to
mailx-8.1.1-12
3. Solution
Workaround
none
The proper solution is to upgrade to the latest packages.
4. OpenLinux 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera’s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
abc1ee0ce4d52ba1dd7059167af66cdc RPMS/mailx-8.1.1-12OL.i386.rpm
d88d071f083e7548837fb07aaf3e431d SRPMS/mailx-8.1.1-12OL.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv mailx*.i386.rpm
5. OpenLinux eServer 2.3.1 and OpenLinux eBuilder for ECential
3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera’s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
eb76e3238d1832ce648c8fe8abcdeb53 RPMS/mailx-8.1.1-12.i386.rpm
6e0e4ae06009c54bee2385353b4d3d5c SRPMS/mailx-8.1.1-12.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh mailx*i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera’s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
f99f489b3e748147d8ccfa9377158b55 RPMS/mailx-8.1.1-12.i386.rpm
6e0e4ae06009c54bee2385353b4d3d5c SRPMS/mailx-8.1.1-12.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fvh mailx*i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera’s internal Problem Report
9327.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.