The SunOS mail system is a mail transfer agent used in older versions of SunOS. This vulnerability allows local users to gain root privileges by exploiting certain command line arguments. If you're using an outdated version of SunOS, you're at risk of unauthorized access to your system.
You're affected if you use SunOS 4.1.1 or earlier. Check with: find / -name "mail" 2>/dev/null (Note: This command may not work on all systems; it's a rough approximation.)
Version info: Not specified in the advisory.
Upgrade to a supported version of SunOS, such as SunOS 5.4 or later.
- Apply the patch CA-91.01a.SunOS.mail.vulnerability from the CERT website: http://www.cert.org/advisories/CA-91.01a.SunOS.mail.vulnerability
Immediate mitigations:
- Restrict network access to your system (firewall it from the public internet)
- Audit system logs for suspicious activity