Bron: [url=http://online.securityfocus.com]Security Focus[/url]
Er is een bug gevonden in alle versies van OpenBSD waardoor het makkelijk is om root commandos uit te voeren door een willekeurige hacker.
[quote]Program /usr/bin/mail accepts escape sequences while running in
the non-interactive mode. When the attacker inserts the escape sequence
into the stream which is used as an input to the mail command this escape
sequence is interpreted by the mail command and it is possible for example
execute arbitrary commands or read/write any file in the system with the
privileges of the user running /usr/bin/mail.
[/quote]
[url=http://online.securityfocus.com/archive/1/267121]Het hele artikel[/url]