A buffer overflow vulnerability exists in the /usr/bin/mail program included with SunOS 5.8 for x86. The overflow occurs when a string exceeding approximately 1100 characters is given as the HOME environment variable. Because the mail program is installed setgid mail by default, it may be possible for local users to execute arbitrary code or commands with these privileges.
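The defensive pattern for this class of bug, as an added example (not code from /usr/bin/mail or from Sun): a set-id program treats HOME as untrusted input and refuses any value that does not fit its buffer, rather than copying it unbounded. The buffer size PATH_BUF, the function name build_home_path and the file name ".mailrc" are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size; the advisory only says ~1100 characters overflow. */
#define PATH_BUF 1024

/*
 * Unsafe pattern that produces this kind of overflow (shown for contrast):
 *     char buf[PATH_BUF];
 *     strcpy(buf, getenv("HOME"));   // no length check on attacker-set HOME
 *     strcat(buf, "/.mailrc");
 */

/*
 * Build "<home>/<leaf>" into out (outlen bytes).
 * Returns 0 on success; -1 if home is unset, not an absolute path,
 * or the result would not fit. On failure out is left as an empty string,
 * so a caller that ignores the return value never sees a truncated path.
 */
int build_home_path(const char *home, const char *leaf,
                    char *out, size_t outlen)
{
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || leaf == NULL || home[0] != '/')
        return -1;

    /* snprintf never writes past outlen and reports the length it needed. */
    int n = snprintf(out, outlen, "%s/%s", home, leaf);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF];

    if (build_home_path(getenv("HOME"), ".mailrc", path, sizeof path) != 0) {
        fprintf(stderr, "HOME is unset, relative, or too long; refusing\n");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```

Failing closed on an oversized HOME matters more than truncating it: a silently truncated path in a setgid program can point at a different file than the one intended.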