Bugtraq mailing list archives
Re: Sendmail local root exploit on linux 2.2.x
From: iwi () ATM OX AC UK (Alan Iwi)
Date: Mon, 12 Jun 2000 09:28:14 -0000
then create a .forward with: |/path/to/add
I tried this on an out-of-the-box Redhat 6.1 system. In fact, on this system sendmail is configured to use smrsh, which forbids piping mail to arbitrary programs with .forward. But such systems are still vulnerable, because sendmail is configured to run procmail. Just change the exploit to use a .procmailrc file instead of .forward. Here's an example: LOGFILE=/etc/crontab LOG="* * * * * root /tmp/my_dodgy_script.sh " LOGABSTRACT=no :0 /dev/null Alan
Current thread:
- Sendmail local root exploit on linux 2.2.x Florian Heinz (Jun 08)
- Snort 1.6 and nmap 2.54beta1 Galileo (May 12)
- Re: Snort 1.6 and nmap 2.54beta1 Simple Nomad (Jun 14)
- Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON Tom Yu (Jun 14)
- Security Advisory: local ROOT exploit in BRU Technical Support (Jun 14)
- Re: Snort 1.6 and nmap 2.54beta1 Martin Roesch (Jun 14)
- Re: Sendmail local root exploit on linux 2.2.x Mark K. Pettit (Jun 08)
- Reporting Security Issues to Microsoft Microsoft Security Response Center (Jun 08)
- Re: Sendmail local root exploit on linux 2.2.x Christophe GRENIER (Jun 08)
- arprelay: a tool to edit TCP connections in a LAN Felix von Leitner (Jun 09)
- Re: Sendmail local root exploit on linux 2.2.x Alan Iwi (Jun 12)
- Splitvt exploit syzop (Jun 14)
- Re: Splitvt exploit Joey Hess (Jun 14)
- Re: Splitvt exploit Andrey Savochkin (Jun 16)
- Re: Splitvt exploit Joey Hess (Jun 16)
- NAI WebShield SMTP does not scan base64 encoding chris.paget () ANALYSYS COM (Jun 20)
- Re: Splitvt exploit Joey Hess (Jun 14)
- Re: Splitvt exploit Kris Kennaway (Jun 15)
- Re-release of IIS 5.0 Patch for MS00-031 Microsoft Product Security (Jun 16)
- Infosec.20000617.panda.a Ian Vitek (Jun 17)
- Snort 1.6 and nmap 2.54beta1 Galileo (May 12)
- Reliable Software Technologies releases new e-mail virus protection software Tim Hollebeek (Jun 14)
- Microsoft Security Bulletin (MS00-041) Microsoft Product Security (Jun 14)