Slackware: /usr/bin/Mail buffer overflow
Summary
Where Find New Packages
MD5 Signatures
Installation Instructions
========================/usr/bin/Mail chmoded 755 ======================== The Mail program shipped with Slackware has been shown to be subject to a buffer overflow that, if the program is sgid (as shipped with Slackware), can provide a malicious user with gid "mail". Having gid "mail" does not allow a user any special priveleges, as the mail group hasn't been used in Slackware for years. There is a security advisory being passed around, but we assure you there's no threat from the Mail flaw. Nonetheless, holes are no fun, and we've closed this one by removing the sgid bit from /bin/Mail. A new mailx.tgz package is available in Slackware-current: ============================================================================= As always, more information is available in the Slackware-current ChangeLog: ftp://ftp.slackware.com/pub/slackware/slackware-current/ChangeLog.txt -- Your Friendly Neighborhood Slackware Security Team security@slackware.com