Bugtraq mailing list archives
Re: new sendmail bug?
From: mvn () Library UCLA EDU (Michael Van Norman)
Date: Thu, 23 Feb 1995 05:31:10 -0800 (PST)
I just read the new CERT advisory on the sendmail bug.. anybody have any details?
No details, but I have confirmed part of it on one of my AIX boxes.
I gathered it had something to do with imbedding newlines in either the info it reads from identd and/or imbedding newlines when giving it command line options.. but it's hard to say.
The method I exploited was that of using newlines in the command options. By imbedding newlines in the recipient address, it is possible to write extra lines to sendmail's queue file. Carefully chosen additions will let you run an arbitrary program as an arbitrary user (except maybe root -- I cracked bin). -- Michael Van Norman mvn () library ucla edu Library Information Systems/Development +1.310.206.5579 (voice) University of California, Los Angeles +1.310.206.2880 (facsimile) 11334 University Research Library http://www.library.ucla.edu/~mvn Los Angeles, California 90095-1575
Current thread:
- Sun Security Bulletin #129 (sendmail), (continued)
- Sun Security Bulletin #129 (sendmail) Mark Graff (Feb 22)
- new sendmail bug? James W. Abendschan (Feb 22)
- Re: new sendmail bug? joel (Feb 22)
- Re: new sendmail bug? Dave Horsfall (Feb 22)
- Sendmail 8.6.10: what's different? der Mouse (Feb 23)
- X keyboard sniffing Paul Howell (Feb 23)
- Re: Sendmail 8.6.10: what's different? Igor V. Semenyuk (Feb 23)
- Re: Sendmail 8.6.10: what's different? Peter Wemm (Feb 24)
- Re: Sendmail 8.6.10: what's different? Peter Wemm (Feb 23)
- Re: Sendmail 8.6.10: what's different? Christian Wettergren (Feb 24)
- Re: new sendmail bug? Michael Van Norman (Feb 23)
- Re: snooper watchers Aleph One (Feb 22)
- Re: HP-UX Problem... Pete Shipley (Feb 21)