COMMAND

    bsd_mail(1) (/usr/sbin/Mail)

SYSTEMS AFFECTED

    IRIX 3.3 and 3.31

PROBLEM

    /usr/sbin/Mail can fail to reset its  group id to the group id  of
    the caller.   Can allow any  user logged onto  the system to  read
    any other user's (including root's) mail.

SOLUTION

    A  fixed  /usr/sbin/Mail  binary  has  been  made  available   for
    anonymous ftp from SGI.COM  ([192.48.153.1]).  The correct  binary
    can be found at:

        sgi/Mail/Mail

    under the ftp directory.

    Note  that  this  binary  must  be  installed  with the same group
    (mail)  and  permissions  (2755)  as  your  existing  3.3 or 3.3.1
    /usr/sbin/Mail.