Patch-ID# 101574-07 Keywords: security mail rmail ignores sendmail segv content-length Synopsis: SunOS 5.3: /usr/bin/mail patch Date: Jun/13/00 Solaris Release: 2.3 SunOS Release: 5.3 Unbundled Product: Unbundled Release: Topic: SunOS 5.3: /usr/bin/mail patch BugId's fixed with this patch: 1104684 1154720 1158599 1162761 1172378 1173101 1197676 4276509 Changes incorporated in this version: 4276509 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/mail Problem Description: 4276509 security: /bin/mail has buffer overflow (from 101574-06) 1197676 /bin/mail corrupts MIME mail headers (from 101574-05) 1172378 /bin/mail still contains root access security problem even after patch 100224-07 (from 101574-04) 1173101 5.x /bin/mail should be backward-compatible with 4.x /bin/mail In 5.x, "Content-length" is being used to specify how long the message is. This is causing problems when mail spooled on 4.x is mounted on 5.x. In absence of "Content-length" , /bin/mail on 5.x has problems with figuring out how long the mail message is. "from " at the beginning of line causes /bin/mail to incorrectly display mail headers. (from 101574-03) 1162761 bug 1104684 was fixed incompletely and can cause lost mail under FS full case (from 101574-02) 1104684 bin/mail exit code not compatible with sendmail 1158599 the fix to 1154720 causes a segv when an address has a dot in it The fix to 1154720 causes a segv when an address has a dot in it. /bin/mail exit code not compatible with sendmail, thus sendmail can not understand the error reported by /bin/mail (from 101574-01) 1154720 4.x binmail/rmail and 5.x /bin/mail ignores messages after single dot line Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- None.