tadguy@abcfd01.larc.nasa.gov (Tad Guy) (10/13/90)
Archive-name: sgi-sbin-Mail/12-Oct-90 Original-posting-by: tadguy@abcfd01.larc.nasa.gov (Tad Guy) Original-subject: IRIX 3.3.1 /usr/sbin/Mail Archive-site: sgi.com [192.48.153.1] Archive-directory: sgi/Mail Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti) [ This appeared in comp.sys.sgi, but probably should be included here, too. Sorry, I don't know anymore than this. Obscurity reigns again. ...tad ] Path: abcfd20.larc.nasa.gov!uakari.primate.wisc.edu!zaphod.mps.ohio-state.edu!sdd.hp.com!decwrl!sgi!root From: root (Superuser) Newsgroups: comp.sys.sgi Subject: WARNING - Security hole in IRIX 3.3 /usr/sbin/Mail Message-ID: <71861@sgi.sgi.com> Date: 11 Oct 90 19:37:35 GMT Sender: guest@sgi.sgi.com Lines: 23 --- WARNING --- There is a security hole in IRIX 3.3 and 3.3.1 /usr/sbin/Mail. Due to the nature of this problem, I shall provide no further details. For the benefit of those with immediate security concerns, a fixed /usr/sbin/Mail binary has been made available for anonymous ftp from SGI.COM ([192.48.153.1]). The fixed binary can be found at: sgi/Mail/Mail under the ftp directory. Note that this binary must be installed with the same group (mail) and permissions (2755) as your existing 3.3 or 3.3.1 /usr/sbin/Mail. Apologies for any inconvenience. Robert Stephens Silicon Graphics Inc. Mountain View, CA roberts@sgi.com