-----BEGIN PGP SIGNED MESSAGE----- Subject: Caldera Security Advisory SA-1998.12: mailx is vulnerable to typical /tmp exploits Topic: mailx is vulnerable to typical /tmp exploits Advisory issue date: 24-July-1998 I. Problem Description II. Impact Description: mailx creates files in /tmp in an unsafe manner. Vulnerable Systems: OpenLinux systems up to and including OpenLinux 1.2 with the mailx-8.1.1-1 rpm package. III. Solution Correction: The proper solution is to upgrade to the mailx-8.1.1-3 package. It can be found on Caldera's FTP site at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/RPMS The corresponding source code can be found at: ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/SRPMS The MD5 checksums (from the "md5sum" command) for these packages are: 87ed7999df10c0109ca00abab784c253 RPMS/mailx-8.1.1-3.i386.rpm 30840f0707958dd77b52d88daedb8d3b SRPMS/mailx-8.1.1-3.src.rpm Upgrade with the following commands: rpm -q mailx && rpm -U mailx-8.1.1-3.i386.rpm IV. References This and other Caldera security resources are located at: http://www.caldera.com/news/security/index.html This security fix closes Caldera's internal Problem Report 1852. V. PGP Signature This message was signed with the PGP key for security@caldera.com. This key can be obtained from: ftp://ftp.caldera.com/pub/pgp-keys/ Or on an OpenLinux CDROM under: /OpenLinux/pgp-keys/ $Id: SA-1998.12.txt,v 1.3 1998/07/24 13:00:36 rf Exp $ -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNbiFdOn+9R4958LpAQExGAP/e7PkvkYgiatcWm5WF57f3G2bQdYKP9S6 RGg3FFHqv0mrAB2sRUe4Wv8tOA6pw18cKGG9ZJnt2W5BEDN8x32mf59yzQSFj0uc cCA94AJsaX9OBGIbk4PS/v6RsALrxADftI98QmlghiWfSTvelr07KkdQkiPP7Xo1 QaRpyuaNJ6c= =mCmi -----END PGP SIGNATURE-----