Bugtraq mailing list archives

Re: New Sendmail bug


From: bygranz () RS6000 CMP ILSTU EDU (Gonzo Granzeau)
Date: Mon, 24 Mar 1997 10:17:05 -0600


Jeffrey Moyer once rambled this:
On Sat, 22 Mar 1997 C0WZ1LL4 () NETSPACE ORG wrote:

Hello fellow mongoloids
Try this:
Make hard link of /etc/passwd to /var/tmp/dead.letter
Telnet to port 25, send mail from some bad email address to some
unreachable host.
Watch your message get appended to passwd.
ie:
cowzilla::0:0:c0wz1ll4 0wns u:/:/bin/sh

okay, just want to point out some things about this exploit...
this won't work on big boxes that are partitioned cause you can only do a
hard link on the same file system.  another point is that any box that has
a 'MAILER-DAEMON' defined will get any mail that gets sent there instead of it
saving it to /var/tmp/dead.letter, ie, make an /etc/aliases file that defines
a MAILER-DAEMON. for instance, i add these two to my /etc/aliases:

MAILER-DAEMON:gonzo
postmaster:gonzo

then you just type 'newaliases' and you're good to go. (postmaster is a
general good idea) course then you have to deal with ppl's messed up mail...

Okay, here is a very very simple kluge to temporarily fix it.  Create a
file /var/tmp/dead.letter with chmod 0644 perms.  That way no one can make
the hard link to /etc/passwd, b/c the file /var/tmp/dead.letter already
exists.

that would help out cause you could see who was trying to break into your
system, but that is not an agreeable solution.

gonzo
--
+----R-----------------T---------------------F------------------M---+
|  Gonzo Granzeau  http://www.ilstu.edu/~bygranz Unix Support `8r)  |
|              "Let's go get tattoos!!"  "uh... okay."               |
|     Nothing I (/usr/dict/words) has to do with Unix Support       |
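The two defensive checks from the post above (is dead.letter already a hard link to the password file, and is a 0644 placeholder in place so a link cannot take that name), as an added shell example that is not part of the original message; paths are parameters so it can be run against a test directory, and the `-ef` test is a common shell extension (bash, dash, ksh) rather than strict POSIX.

```shell
#!/bin/sh
# Added example (not from the original post): detect a dead.letter that is a
# hard link to the password file, and pre-create the placeholder file.
# Paths are parameters so the checks can be exercised on a scratch directory.

# Return 0 if DEAD is a hard link to PASSWD (same device and inode),
# 1 otherwise (including when DEAD does not exist).
dead_letter_is_linked() {
    passwd="$1"; dead="$2"
    [ -e "$dead" ] || return 1
    # -ef: true when both names refer to the same device and inode
    [ "$dead" -ef "$passwd" ]
}

# Make sure DEAD exists as a harmless, single-link regular file with 0644
# perms. Returns 2 if it is already linked to PASSWD, 3 if something
# suspicious (non-regular file, extra links) is sitting there, 0 otherwise.
ensure_dead_letter_placeholder() {
    passwd="$1"; dead="$2"
    if dead_letter_is_linked "$passwd" "$dead"; then
        echo "ALERT: $dead is a hard link to $passwd" >&2
        return 2
    fi
    if [ -e "$dead" ]; then
        [ -f "$dead" ] || { echo "WARN: $dead is not a regular file" >&2; return 3; }
        # field 2 of ls -ld is the link count; a placeholder should have 1
        links=$(ls -ld "$dead" | awk '{print $2}')
        [ "$links" -eq 1 ] || { echo "WARN: $dead has $links links" >&2; return 3; }
        return 0
    fi
    # umask 022 + empty redirect yields mode 0644; chmod makes it explicit
    (umask 022 && : > "$dead") && chmod 0644 "$dead"
}

# Usage on a live system: sh thisscript.sh --check
if [ "${1:-}" = "--check" ]; then
    ensure_dead_letter_placeholder /etc/passwd /var/tmp/dead.letter
fi
```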