CVE - CVE-2000-0545

CVE-ID
CVE-2000-0545	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:1305 URL:http://www.securityfocus.com/bid/1305 BUGTRAQ:20000602 /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c) URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0435.html DEBIAN:20000605 mailx: mail group exploit in mailx URL:http://www.debian.org/security/2000/20000605
Assigning CNA
MITRE Corporation
Date Record Created
20000711	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20000712)
Votes (Legacy)
ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(2) LeBlanc, Wall REVIEWING(1) Christey
Comments (Legacy)
Frech> XF:sgi-mailx-bo(1371) CVE-2000-0545 seems to be a dupe of CVE-1999-0125 (Buffer overflow in SGI IRIX mailx program) since they both allow 'mail' group privileges. There was no exploit for SGI's vuln to compare. Christey> Since we are taking a split-by-default approach when there are insufficient details, we should keep this separate from CVE-1999-0125. The difference in the time of discovery is also a factor, even if these wind up being the same problem. However, there just aren't enough details to be sure if this is the same problem or not. Christey> On June 25, 1998, a buffer overflow in mailx via the HOME environmental variable was posted at: BUGTRAQ:19980625 security hole in mailx http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125955&w=2 This affected multiple OSes. SGI:19980605-01-PX (CVE-1999-0125) was published on September 29, 1998; while the advisory is short on details, it does mention a buffer overflow. So, there's enough distinction here (time and what gets exploited) to say that these should remain split; but CVE-1999-0125 likely needs to be RECAST to mention other affected OSes.
Proposed (Legacy)
20000712
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)