search for: pathsize

...access to any Solaris, so I''m not 100% sure. Redhat Linux mailx has the bug, but as they don''t install it setgid mail there''s no direct danger. About the bug: it is in "fio.c", in the "xname" variable of the "expand" function: char xname[PATHSIZE]; [...] sprintf(xname, "%s%s", homedir, name + 1); Two attachments are included in this message: -A patch against mailx-8.1.1 that solves the problem. There are a lot of buffer overflows in the sources of mailx, although only the one I mention seems to be exploitable. The patch i...