Bugtraq mailing list archives
Re: procmail
From: athan () MERSINET CO UK (Neil Soveran-Charley)
Date: Tue, 6 Aug 1996 22:30:46 +0100
hi there , I just heard from a friend that there is a bug in procmail which allows anyone to open an xterm window from any m/c .has anyone heard of this if so can u post the details and the xploit thanx danny
NB: This isn't a 'hack an account' hole. However if you have 'ftponly' accounts, i.e. people grab email via pop, but also have ftp access for maintaingin their web pages, with a 'shell' that prints a message and exits, then the following is possible to work around such security... I think there may well be such an exploit. I'd guess it is simply something like: (.procmailrc contents) :0 Hc * ^Subject:.*APassword /usr/bin/X11/xterm -display <some display> -e <a shell> (end .procmailrc) Then email yourself with something with the password in the subject line and an xterm gets popped up on the display, running the given shell, thus bypassing any 'locked account' or 'ftponly' shells... I'm sure procmail MUST have some security feature to disallow this sort of thing? But I could be wrong, and haven't checked the manual pages yet. For now I'm going to make procmail only executeable by a certain group, and stick the 'admin' types in that. Of course if you don't NEED X on the mail server, just delete it and it removes THIS particular exploit. BUT I'd feel more comfortable with making procmail only executeable by 'internal' accounts. The customer, in our case, isn't PAYING for a shell account, and so shouldn't get ANY of the facilites of one... Never mind the security issues... -Neil -- ************************************************************** * Neil Soveran-Charley, SysAdmin, Mersinet Internet Services * * Email: athan () mersinet co uk * "What? No quote?" * **************************************************************
Current thread:
- Re: Exploiting Zolaris 2.4 ?? :) Leif Hedstrom (Aug 04)
- <Possible follow-ups>
- Re: Exploiting Zolaris 2.4 ?? :) Fletch (Aug 04)
- Re: your mail Greg Woods (Aug 05)
- Re: your mail neill (Aug 05)
- PAM login programs? Josh Wilmes (Aug 05)
- procmail DANIEL .D .EZEKIEL (Aug 05)
- (Fwd) CERT Advisory CA-96.17 - Vulnerability in Solaris vold Hubert Feyrer (Aug 06)
- Re: procmail Adam Shostack (Aug 06)
- Re: procmail Jon Lewis (Aug 06)
- Re: procmail Neil Soveran-Charley (Aug 06)
- Re: procmail James Wang (Aug 06)
- Re: procmail Kari E. Hurtta (Aug 06)
- Re: procmail Ficus Kirkpatrick (Aug 07)
- Re: procmail Melody Lynn Yoon (Aug 07)
- Re: your mail Greg Woods (Aug 05)
- Re: PAM login programs? Marek Michalkiewicz (Aug 06)
- Re: PAM login programs? Arthur Donkers (Aug 06)