J-Security Center

Title: IRIX rmail Vulnerability

Severity: MODERATE

Description:

A vulnerability exists in the rmail utility, included by SGI with its IRIX operating system. The rmail utility is installed with setgid mail privileges by default on vulnerable systems. rmail is used with uucp.

It has been reported that the system() function is used with data that is derived from environment variables. The system() function passes any commands it receives directly to the shell. A malicious user could potentially set the affected environment variable to contain a shell metacharacter (such as ;), followed by arbitrary commands, which will be interpreted by the shell.

Because rmail fails to sanity check the contents of environment variables, arbitrary commands may be executed with the group ID of mail. This effectively allows malicious local users to elevate privileges.
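The pattern described above, next to a hardened form, as an added example (not SGI's rmail source). The variable name EXAMPLE_MAIL_OPT, the function names and the /bin/echo stand-in helper are assumptions; the advisory does not name the affected variable.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical name: the advisory does not name the affected variable. */
#define ENV_NAME "EXAMPLE_MAIL_OPT"

/* Vulnerable pattern: environment data pasted into a shell command line.
 * Any shell metacharacter in v is interpreted by /bin/sh via system(). */
int run_unsafe(const char *v) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "/bin/echo %s", v ? v : "");
    return system(cmd);
}

/* Allowlist check: 1..64 characters drawn from [A-Za-z0-9._-] only. */
int value_is_safe(const char *v) {
    size_t n;
    if (v == NULL || (n = strlen(v)) == 0 || n > 64) return 0;
    for (; *v; v++)
        if (!isalnum((unsigned char)*v) && !strchr("._-", *v)) return 0;
    return 1;
}

/* Hardened pattern: validate, then exec the helper directly (no shell),
 * with a fixed environment and without the setgid group. Returns the
 * helper's exit status, or -1 if the value is rejected or setup fails. */
int run_safe(const char *v) {
    char *envp[] = { "PATH=/bin:/usr/bin", NULL };
    int status;
    pid_t pid;
    if (!value_is_safe(v)) return -1;
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {
        char *argv[] = { "echo", (char *)v, NULL };
        if (setgid(getgid()) != 0) _exit(126);  /* drop effective gid */
        execve("/bin/echo", argv, envp);
        _exit(127);                              /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    return run_safe(getenv(ENV_NAME)) == 0 ? 0 : 1;
}
```

Because the hardened form passes the value as a single argv element, the shell never parses it; the allowlist is a second layer that rejects unexpected input before any process is created.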

Affected Products:

  • SGI IRIX 5.0.0
  • SGI IRIX 5.0.1
  • SGI IRIX 5.1.0
  • SGI IRIX 5.1.1
  • SGI IRIX 5.2.0
  • SGI IRIX 5.3.0
  • SGI IRIX 5.3.0 XFS
  • SGI IRIX 6.0.0
  • SGI IRIX 6.0.1
  • SGI IRIX 6.1.0
  • SGI IRIX 6.2.0
  • SGI IRIX 6.3.0
  • SGI IRIX 6.4.0
