[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[irix-security] MediaMail vulnerability

To: irix-security@sfu.ca
Subject: [irix-security] MediaMail vulnerability
From: Martin Siegert <siegert@sfu.ca>
Date: Thu, 6 Jun 2002 16:39:11 -0700
User-Agent: Mutt/1.2.5.1i

Topic
=====
MediaMail vulnerabilities can lead to priviledge escalation

Problem Description
===================
The "MediaMail" and "MediaMail Pro" (the binary is "/usr/binX11/MediaMail")
mail applications can be caused to dump core when passed certain user-supplied
arguments. Since MediaMail and MediaMail Pro are setgid to group "mail", they
are considered to be privileged programs, and this core dumping can be used
in a variety of ways to exploit the system.

Affected Systems
================
The MediaMail binary is installed by default on IRIX 6.2 and earlier systems
as part of eoe.sw.base.  MediaMail was not shipped starting with IRIX 6.5,
but "MediaMail Pro" was shipped with IRIX 6.5 on the Applications CD, and is
not installed by default.

To determine the version of IRIX you are running, execute the following
command:

  # uname -R

That will return a result similar to the following:

  # 6.5 6.5.15f

The first number ("6.5") is the release name, the second ("6.5.15f" in this
case) is the extended release name.  The extended release name is the
"version" we refer to throughout this document.

To see if MediaMail or MediaMail Pro is installed, execute the following
command:

  # versions -b | mmail

If lines similar to either of the following lines are returned, then it is
installed, and the system is vulnerable.

  I  mmail          10/14/2000    MediaMail
  I  mmail          10/14/2000    MediaMail Pro

Solution
========
SGI no longer supports MediaMail, therefore SGI has not provided patches for
these vulnerabilities. SGI recommends uninstalling the program and switching
to a different mail program.

See the following URL for details about the expired status of the product:

To remove the MediaMail or MediaMail subsystem, depending on which is
installed, execute the following command:

  # versions remove mmail*

It is not necessary to reboot after removing the program from your system.

MediaMail was shipped on the following IRIX Operating Systems:

   OS Version     Vulnerable?
   ----------     -----------
   IRIX 6.5          yes
   IRIX 6.5.1        yes
   IRIX 6.5.2        yes
   IRIX 6.5.3        yes
   IRIX 6.5.4        yes
   IRIX 6.5.5        yes
   IRIX 6.5.6        yes
   IRIX 6.5.7        yes
   IRIX 6.5.8        yes
   IRIX 6.5.9        yes
   IRIX 6.5.10       yes
   IRIX 6.5.11       yes
   IRIX 6.5.12       yes
   IRIX 6.5.13       yes
   IRIX 6.5.14       yes
   IRIX 6.5.15       yes
   IRIX 6.5.16       yes

Prev by Date: [irix-security] IRIX rpc.passwd vulnerability
Next by Date: [irix-security] IRIX talkd vulnerability
Prev by thread: [irix-security] IRIX talkd vulnerability
Next by thread: [irix-security] IRIX rpc.passwd vulnerability
Index(es):
- Date
- Thread