Patch-ID# 102043-06 Keywords: security backward compatible mail root access MIME headers IOERR Synopsis: SunOS 5.4_x86: /usr/bin/mail fixes Date: Aug/25/00 Solaris Release: 2.4_x86 SunOS Release: 5.4_x86 Unbundled Product: Unbundled Release: Xref: This patch available on SPARC as patch 102042 Topic: SunOS 5.4_x86: /usr/bin/mail fixes BugId's fixed with this patch: 1172378 1173101 1197676 1201718 1222668 4276509 Changes incorporated in this version: 4276509 Relevant Architectures: i386 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/bin/mail Problem Description: 4276509 security: /bin/mail has buffer overflow (from 102043-05) 1201718 Mail headers with certain characters are not recognized as headers (from 102043-04) 1222668 /bin/mail incorrectly generates IOERR return code for quota exceeded (from 102043-03) 1197676 /bin/mail corrupts MIME mail headers (from 102043-02) 1172378 /bin/mail still contains root access security problem even after patch 100224-07 (from 102043-01) 1173101 5.x /bin/mail should be backward-compatible with 4.x /bin/mail In 5.x, "Content-length" is being used to specify how long the message is. This is causing problems when mail spooled on 4.x is mounted on 5.x. In absence of "Content-length" , /bin/mail on 5.x has problems with figuring out how long the mail message is. "from " at the beginning of line causes /bin/mail to incorrectly display mail headers. Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- None.