VULHUB ™

The implementation of mail shipped with Solaris may allow an attacker to execute arbitrary code as the root user. The flaw may be exploited in some circumstances when a suid process calls sendmail through mail. It is possible, in this case, to pass additional command line options to sendmail, potentially subverting the process. The flaw with in.lpd, published as BID 3274, is an example of this problem. in.lpd is the only vulnerable program that is installed with Solaris by default. However, it is possible that third party software shares this vulnerability.

The implementation of mail shipped with Solaris may allow an attacker to execute arbitrary code as the root user. The flaw may be exploited in some circumstances when a suid process calls sendmail through mail. It is possible, in this case, to pass additional command line options to sendmail, potentially subverting the process. The flaw with in.lpd, published as BID 3274, is an example of this problem. in.lpd is the only vulnerable program that is installed with Solaris by default. However, it is possible that third party software shares this vulnerability.