[rt-users] Perl Updates
Frances Russell
frussell at tpg.com.au
Sat Sep 2 18:17:33 EDT 2000
Is this going to be a problem for RT?
Summary from:
http://www.redhat.com/support/errata/RHSA-2000-048-03.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Red Hat Linux Security Advisory
1. Topic:
Updated perl and mailx package are now available which fix a potential
exploit made possible by incorrect assumptions made in suidperl.
2. Problem description:
Under certain conditions, suidperl will attempt to send mail to the
local superuser account using /bin/mail. A properly formatted exploit
script can use this facility, along with mailx's tendency to inherit
settings from the environment, to gain local root access.
This update changes suidperl's behavior to use syslog instead of mail,
and restricts the list of variables /bin/mail will read from the
environment.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Frances Russell
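
The two mitigations the advisory describes (report through syslog instead of spawning a mailer, and limit which environment variables a helper may see), shown as an added C example that is not part of the original message and is not Red Hat's patch. The allowlist, the fixed PATH value and the function names are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <syslog.h>

/* Variables a helper may inherit (assumed list for this example). */
static const char *const ALLOWED[] = { "TZ", "LANG", "TERM", NULL };

/* True when entry "NAME=value" names an allowlisted variable. */
static int is_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                      /* malformed entry: drop it */
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == n && strncmp(entry, ALLOWED[i], n) == 0)
            return 1;
    return 0;
}

/* Build a NULL-terminated environment for a helper: a fixed PATH plus
 * the allowlisted entries from env. Entries point into env; the caller
 * frees only the returned array. Returns NULL on allocation failure. */
char **build_clean_env(char *const env[], size_t *kept)
{
    size_t count = 0, out = 0;
    while (env[count] != NULL)
        count++;
    char **clean = calloc(count + 2, sizeof *clean);
    if (clean == NULL)
        return NULL;
    clean[out++] = "PATH=/usr/bin:/bin";   /* never the caller's PATH */
    for (size_t i = 0; i < count; i++)
        if (is_allowed(env[i]))
            clean[out++] = env[i];
    clean[out] = NULL;
    if (kept != NULL)
        *kept = out;
    return clean;
}

/* Report a security event through syslog rather than spawning a mailer. */
void report_event(const char *program, const char *detail)
{
    openlog(program, LOG_PID, LOG_AUTH);
    syslog(LOG_ERR, "%s", detail);     /* constant format string */
    closelog();
}
```

A privileged program would pass the array from build_clean_env to execve() when it has to run a helper at all, and call report_event where it previously invoked a mail program.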