CVE
- Id
- 2122
- CVE No.
- CVE-2000-0545
- Status
- Candidate
- Description
- Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter.
- Phase
- Proposed (20000712)
- Votes
- ACCEPT(2) Levy, Ozancin | MODIFY(1) Frech | NOOP(2) LeBlanc, Wall | REVIEWING(1) Christey
- Comments
- Frech> XF:sgi-mailx-bo(1371) | CVE-2000-0545 seems to be a dupe of CVE-1999-0125 (Buffer overflow in SGI | IRIX mailx program) since they both allow "mail" group privileges. There was | no exploit for SGI"s vuln to compare. | Christey> Since we are taking a split-by-default approach when | there are insufficient details, we should keep this | separate from CVE-1999-0125. The difference in the | time of discovery is also a factor, even if these wind | up being the same problem. However, there just aren"t | enough details to be sure if this is the same problem or not. | Christey> On June 25, 1998, a buffer overflow in mailx via the HOME | environmental variable was posted at: | BUGTRAQ:19980625 security hole in mailx | http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125955&w=2 | | This affected multiple OSes. | | SGI:19980605-01-PX (CVE-1999-0125) was published on September | 29, 1998; while the advisory is short on details, it does | mention a buffer overflow. | | So, there"s enough distinction here (time and what gets | exploited) to say that these should remain split; but | CVE-1999-0125 likely needs to be RECAST to mention other | affected OSes.
