Bugtraq mailing list archives
Reported Sendmail 8.8.4 Exploit
From: gshapiro () SENDMAIL ORG (gshapiro () SENDMAIL ORG)
Date: Tue, 25 Mar 1997 18:04:20 -0500
After many hours looking at the code and trying to reproduce the reported exploit in 8.8.4, I still don't see it as possible. It was possible in 8.8.3, but 8.8.4 fixed this.

If anyone is able to reproduce this problem with 8.8.4, please send me the output of doing the exploit as follows:

    /usr/lib/sendmail -d44.5 -bs

This will emulate the SMTP conversation so you can use the posted exploit. You can also try:

    /usr/lib/sendmail -d44.5 -f nonexistentuser nonexistentuser < /dev/null

which will avoid the need to go through the SMTP conversation.

People using 8.8.5 can also try to reproduce it since there weren't any changes from 8.8.4 to 8.8.5 which would have fixed this problem except 8.8.5 doesn't save to dead.letter the way the exploit shows. You can still get a save to dead-letter in 8.8.5 by removing the postmaster alias and rebuilding your alias database before trying the commands above.

I would really like to hear from someone who can do this so I can be sure a fix gets into 8.8.6.