OpenBSD: 'mail' Local root compromise
Posted by LinuxSecurity.com Team   
OpenBSD 3.0 and 2.9 contain a potential localhost root compromise, found by Milos Urbanek. Earlier versions of OpenBSD are not affected.

Date: Thu, 11 Apr 2002 13:03:34 -0600
From: Todd C. Miller <Todd.Miller@courtesan.com>
To: security-announce@openbsd.org
Subject: localhost compromise in OpenBSD 2.9 and 3.0

OpenBSD 3.0 and 2.9 contain a potential localhost root compromise,
found by Milos Urbanek.  Earlier versions of OpenBSD are not affected.

The mail(1) program will process tilde escapes even when it is not
in interactive mode.  Since mail(1) is called by the default cron(8)
jobs, this can lead to a localhost root compromise.

Patch for OpenBSD 3.0:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/018_mail.patch

Patch for OpenBSD 2.9:
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/023_mail.patch

The 3.0-stable and 2.9-stable branches will be updated with this
patch later today.