Red Hat Linux Security Advisory
1. Topic:
Updated perl and mailx packages are now available which fix a potential
exploit made possible by incorrect assumptions made in suidperl.
2. Problem description:
Under certain conditions, suidperl will attempt to send mail to the
local superuser account using /bin/mail. A properly formatted exploit
script can use this facility, along with mailx's tendency to inherit
settings from the environment, to gain local root access.
This update changes suidperl's behavior to use syslog instead of mail,
and restricts the list of variables /bin/mail will read from the
environment.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Frances Russell
jesse reed vincent — root@eruditorum.org — jesse@fsck.com
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
A REAL sysadmin challenge is “resurrect five dead mailserver while so ripped
to the gills on mdma that you can’t focus on any given line of text for more
than 10 seconds continuously.”
-Nathan Mehl
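
The two changes the advisory describes (reporting through syslog instead of spawning a mailer, and restricting which environment variables a privileged helper sees), sketched in C as an added example. This is not code from the perl or mailx updates; the allowlist, the fixed PATH, the "suid-wrapper" program name and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <syslog.h>

/* Assumed allowlist for this example; not the list used by the real update. */
static const char *const ALLOWED[] = { "TERM", "LANG", "TZ" };
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])
/* PATH is never inherited from the caller; a fixed value is supplied. */
static const char FIXED_PATH[] = "PATH=/usr/bin:/bin";

/* Return 1 if entry is "NAME=value" and NAME is exactly on the allowlist. */
static int env_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t len, i;

    if (eq == NULL || eq == entry)      /* no '=' or empty name: reject */
        return 0;
    len = (size_t)(eq - entry);
    for (i = 0; i < N_ALLOWED; i++)
        if (strlen(ALLOWED[i]) == len && strncmp(entry, ALLOWED[i], len) == 0)
            return 1;
    return 0;
}

/* Build a NULL-terminated environment for a helper process: the fixed PATH
 * followed by the allowlisted entries of `in`. Returns the number of entries
 * written (excluding the terminator), or -1 if `out` is too small. */
int build_clean_env(char *const in[], const char *out[], size_t out_cap)
{
    size_t n = 0, i;

    if (out_cap < 2)
        return -1;
    out[n++] = FIXED_PATH;
    for (i = 0; in != NULL && in[i] != NULL; i++) {
        if (!env_allowed(in[i]))
            continue;                   /* drop everything not allowlisted */
        if (n + 1 >= out_cap)           /* keep room for the terminator */
            return -1;
        out[n++] = in[i];
    }
    out[n] = NULL;
    return (int)n;
}

/* Report a refused script through syslog; no external program is executed. */
void report_violation(const char *script, long uid)
{
    openlog("suid-wrapper", LOG_PID, LOG_AUTH);
    syslog(LOG_ALERT, "refused to run %s for uid %ld", script, uid);
    closelog();
}
```

The array returned by `build_clean_env` is what a privileged program would pass as the `envp` argument of `execve` if it still had to run a helper at all.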