Bugtraq mailing list archives

Re: Sendmail 8.8.x/8.9.x bugware


From: lcamtuf () IDS PL (Michal Zalewski)
Date: Mon, 18 Jan 1999 18:04:08 +0100


On Mon, 18 Jan 1999, Olaf Seibert wrote:

550 <rhialto () hacker some place else@victim.some.where>... Relaying denied

As you noticed, relaying is denied in your configuration ;P This attack is
possible if relaying is enabled, and it allows multiple redirections
through protected or external networks, which shouldn't be allowed.

For clearance - this problem IS PRESENT FOR SURE in 8.9.2, as well as DoS
attack described in previous mail... If Sendmail developers don't believe
me, I can post an exploit here, but it isn't really necessary, imho....

_______________________________________________________________________
Michal Zalewski [lcamtuf () ids pl] [ENSI / marchew] [dione.ids.pl SYSADM]
[http://linux.lepszy.od.kobiety.pl/~lcamtuf/] <=--=> bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813]
To iterate is human, to recurse - divine [P. Deutsch]


