source: wwwsecurityfocuscom/bid/849/info
Certain versions of SCO's UnixWare (only 71 was tested) ship with the /var/mail/
directory with permission 777(-rwxrwxrwx) This in effect allows malicious users to read incoming mail for users who do not yet have a mail file (/var/mail/username) present This may be done by simply creating the f ...