[rt-users] Perl Updates

Frances Russell frussell at tpg.com.au
Sat Sep 2 18:17:33 EDT 2000


Is this going to be a problem for RT?

Summary from:

http://www.redhat.com/support/errata/RHSA-2000-048-03.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Red Hat Linux Security Advisory

1. Topic:
Updated perl and mailx package are now available which fix a potential exploit made possible by incorrect assumptions made in suidperl.

2. Problem description:
Under certain conditions, suidperl will attempt to send mail to the local superuser account using /bin/mail. A properly formatted exploit script can use this facility, along with mailx's tendency to inherit settings from the environment, to gain local root access.

This update changes suidperl's behavior to use syslog instead of mail, and restricts the list of variables /bin/mail will read from the environment.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Frances Russell
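
Added example (not part of the original post or the Red Hat advisory, and not the actual perl or mailx patch): the two mitigations the advisory describes, sketched in C. A privileged program reports through syslog instead of running a mail program, and any helper it does run receives an allowlisted environment. The allowlist, the fixed PATH, the syslog ident and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Assumed allowlist: the only variables a helper may inherit from the caller. */
static const char *const ALLOWED[] = { "LANG", "TZ", "TERM" };
static char FIXED_PATH[] = "PATH=/usr/bin:/bin";   /* never the caller's PATH */

/* Return 1 only for NAME=value where NAME is allowlisted and value has no control bytes. */
static int env_entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t nlen = eq ? (size_t)(eq - entry) : 0;
    for (size_t i = 0; nlen && i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        if (strlen(ALLOWED[i]) != nlen || strncmp(entry, ALLOWED[i], nlen) != 0)
            continue;
        for (const unsigned char *p = (const unsigned char *)eq + 1; *p; p++)
            if (*p < 0x20 || *p == 0x7f) return 0;
        return 1;
    }
    return 0;
}

/* Fill out[] with FIXED_PATH plus allowlisted entries of src[], NULL-terminated.
   Returns the entry count, or -1 if out[] (cap slots) is too small. */
int build_clean_env(char *const src[], char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 2) return -1;
    out[n++] = FIXED_PATH;
    for (size_t i = 0; src[i] != NULL; i++) {
        if (!env_entry_allowed(src[i])) continue;
        if (n + 1 >= cap) return -1;            /* keep room for the NULL */
        out[n++] = src[i];
    }
    out[n] = NULL;
    return (int)n;
}

/* Report through syslog, with a fixed format string, instead of exec'ing a mailer. */
void report_event(const char *what, const char *script)
{
    openlog("suid-helper-example", LOG_PID, LOG_AUTH);   /* hypothetical ident */
    syslog(LOG_ALERT, "%s: %s", what, script);
    closelog();
}

int main(void)
{
    /* Constructed caller environment; HELPER_SETTING is a made-up name. */
    char *src[] = { "PATH=/tmp", "HELPER_SETTING=untrusted", "TZ=UTC", "LANG=C", NULL };
    char *out[8];
    int n = build_clean_env(src, out, 8);
    for (int i = 0; i < n; i++) puts(out[i]);
    return n == 3 ? 0 : 1;
}
```

The resulting array can be passed as the envp argument of execve(2), so the helper never sees variables the caller controls.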




