BSD mail Mail Append Arbitrary File Modification

1985-07-31T00:00:00
ID OSVDB:615
Type osvdb
Reporter Bjorn Eriksen()
Modified 1985-07-31T00:00:00

Description

Vulnerability Description

BSD contains a flaw that may allow a malicious local user to modify arbitrary files on the system. The issue is triggered when a malicious user mails himself a root passwd entry that /usr/ucb/mail will append to /etc/passwd, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

BSD contains a flaw that may allow a malicious local user to modify arbitrary files on the system. The issue is triggered when a malicious user mails himself a root passwd entry that /usr/ucb/mail will append to /etc/passwd, resulting in a loss of integrity.

References:

Mail List Post: http://securitydigest.org/unix/archive/019