-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.12: mailx is vulnerable to
typical /tmp exploits

Topic: mailx is vulnerable to typical /tmp exploits
Advisory issue date: 24-July-1998


I. Problem Description


II. Impact

Description:

	mailx creates files in /tmp in an unsafe manner.

Vulnerable Systems:

	OpenLinux systems up to and including OpenLinux 1.2 with the
	mailx-8.1.1-1 rpm package.


III. Solution

Correction:

        The proper solution is to upgrade to the mailx-8.1.1-3 package. 
	
        It can be found on Caldera's FTP site at:
        ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/RPMS

        The corresponding source code can be found at:
        ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/SRPMS

	The MD5 checksums (from the "md5sum" command) for these
	packages are:

	87ed7999df10c0109ca00abab784c253  RPMS/mailx-8.1.1-3.i386.rpm
	30840f0707958dd77b52d88daedb8d3b  SRPMS/mailx-8.1.1-3.src.rpm

        Upgrade with the following commands:

	rpm -q mailx && rpm -U mailx-8.1.1-3.i386.rpm


IV. References

        This and other Caldera security resources are located at:
	http://www.caldera.com/news/security/index.html

        This security fix closes Caldera's internal Problem Report
	1852.


V. PGP Signature

	This message was signed with the PGP key for security@caldera.com.

	This key can be obtained from:
		ftp://ftp.caldera.com/pub/pgp-keys/

	Or on an OpenLinux CDROM under:
		/OpenLinux/pgp-keys/

	$Id: SA-1998.12.txt,v 1.3 1998/07/24 13:00:36 rf Exp $


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNbiFdOn+9R4958LpAQExGAP/e7PkvkYgiatcWm5WF57f3G2bQdYKP9S6
RGg3FFHqv0mrAB2sRUe4Wv8tOA6pw18cKGG9ZJnt2W5BEDN8x32mf59yzQSFj0uc
cCA94AJsaX9OBGIbk4PS/v6RsALrxADftI98QmlghiWfSTvelr07KkdQkiPP7Xo1
QaRpyuaNJ6c=
=mCmi
-----END PGP SIGNATURE-----