Penetration Testing mailing list archives

Re: [PEN-TEST] Debug command on Sendmail


From: George Gales <george_gales () NON AGILENT COM>
Date: Wed, 13 Sep 2000 12:50:33 -0600

Ok, this one's pretty ancient, I'll explain how it works.  Basically,
sendmail's DEBUG command is evil because an unauthenticated user can kill
sendmail remotely.

Simply telnet to the vulnerable sendmail server on port 25, type DEBUG and
press enter.  If you get "200 Debug set" in response, you're vulnerable.
Then you can type KILL and press enter, and sendmail aborts and dies.  The
only locatable version of sendmail I found that was vulnerable was Sendmail
5.58.

Recent versions don't allow debug mode, and will log attempts to use it.
Also, check out the old WIZ command (wizard mode) - a simple
misconfiguration in the config file allows folks to use the WIZ command with
no password at all.

Check out the www.securityfocus.com vulnerability database, as well as the CVE
database at http://cve.mitre.org.  The hardest part is getting hold of an
old enough version of sendmail, for that I've used FileWatcher at
http://filewatcher.org - even normal search engines work ok if you know the
filename you're looking for.

Enjoy!
-Simon
george_gales () non agilent com
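
The DEBUG/WIZ probe described in the reply above, as an added defensive example (not code from the original thread and not part of sendmail): a small Python scanner that walks an SMTP session transcript, flags any client attempt at DEBUG, WIZ or KILL, and uses the "200 Debug set" acknowledgement mentioned in the post to decide whether the server actually entered debug mode. The "C: "/"S: " transcript convention, the host names, the banners and the server reply texts below are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Legacy sendmail commands named in the thread; a current MTA rejects all three.
LEGACY_COMMANDS = {"DEBUG", "WIZ", "KILL"}

# An SMTP reply line: three-digit code, then a space (final line) or '-' (continuation).
REPLY_RE = re.compile(r"^(?P<code>\d{3})[ -](?P<text>.*)$")


@dataclass
class Finding:
    line_no: int               # 1-based transcript line where the client sent the command
    command: str               # DEBUG, WIZ or KILL
    accepted: Optional[bool]   # True on a 2xx reply, False on 4xx/5xx, None if no reply followed
    reply: str                 # raw server reply text, kept for the analyst


def debug_mode_granted(reply: str) -> bool:
    """True only for the '200 Debug set' acknowledgement the post describes."""
    m = REPLY_RE.match(reply.strip())
    return bool(m) and m.group("code") == "200" and "debug set" in m.group("text").lower()


def scan_transcript(lines: Iterable[str]) -> List[Finding]:
    """Report every legacy-command attempt in a 'C: ...' / 'S: ...' transcript.

    The line prefixes are a constructed convention for this example: 'C: ' marks
    client-to-server lines, 'S: ' marks server-to-client lines.
    """
    entries = [(n, ln.rstrip("\r\n")) for n, ln in enumerate(lines, start=1)]
    findings: List[Finding] = []
    for idx, (line_no, line) in enumerate(entries):
        if not line.startswith("C: "):
            continue
        words = line[3:].split()
        if not words or words[0].upper() not in LEGACY_COMMANDS:
            continue
        accepted: Optional[bool] = None
        reply = ""
        # The reply to this command is the next server line, unless the client spoke
        # again first or the transcript ended (what KILL looks like: the daemon
        # aborts and never answers).
        for _, nxt in entries[idx + 1:]:
            if nxt.startswith("C: "):
                break
            if nxt.startswith("S: "):
                reply = nxt[3:]
                m = REPLY_RE.match(reply)
                if m:
                    accepted = m.group("code").startswith("2")
                break
        findings.append(Finding(line_no, words[0].upper(), accepted, reply))
    return findings


def verdict(findings: List[Finding]) -> str:
    """Summarise a scan: debug mode granted, a 2xx to a legacy command, probes refused, or nothing."""
    if any(f.command == "DEBUG" and debug_mode_granted(f.reply) for f in findings):
        return "VULNERABLE: server accepted DEBUG and entered debug mode"
    if any(f.accepted for f in findings):
        return "SUSPECT: a legacy command drew a 2xx reply; inspect the session by hand"
    if findings:
        return "PROBE: legacy commands attempted, none accepted"
    return "CLEAN: no legacy commands seen"


# Constructed session against an old daemon: DEBUG is acknowledged, then KILL gets no reply.
OLD_SERVER_SESSION = """\
S: 220 mailhost.example.test Sendmail 5.58 ready
C: HELO scanner.example.test
S: 250 mailhost.example.test Hello scanner.example.test
C: DEBUG
S: 200 Debug set
C: KILL
""".splitlines()

# Constructed session against a current daemon: both probes are refused with 500 replies.
CURRENT_SERVER_SESSION = """\
S: 220 mailhost.example.test ESMTP ready
C: EHLO scanner.example.test
S: 250-mailhost.example.test Hello scanner.example.test
S: 250 HELP
C: debug
S: 500 5.5.1 Command unrecognized: "debug"
C: WIZ
S: 500 5.5.1 Command unrecognized: "WIZ"
C: QUIT
S: 221 2.0.0 mailhost.example.test closing connection
""".splitlines()


if __name__ == "__main__":
    for name, session in (("old server", OLD_SERVER_SESSION), ("current server", CURRENT_SERVER_SESSION)):
        found = scan_transcript(session)
        for f in found:
            print(f"{name}: line {f.line_no} {f.command} -> accepted={f.accepted} reply={f.reply!r}")
        print(f"{name}: {verdict(found)}")
```

Running the file prints both constructed sessions and their verdicts. The same scan_transcript() can be pointed at a session reconstructed from a packet capture of port 25, which is where a defender would look for DEBUG or WIZ probes against a mail host; the verdict separates a harmless rejected probe from a server that really answered "200 Debug set".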


-----Original Message-----
From: DonSata (ZekSata) [mailto:zeksata () UNICRAFT COM]
Sent: Tuesday, September 12, 2000 11:33 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Debug command on Sendmail


Hi there,
I'm not a security expert and probably very far from getting there... anyhow
I'm making a really big effort to get to it. =)
I've been an active reader of all comments in all the security related
mailing lists and have been trying to exercise all kinds of exploits and
penetration tests in my own home-built lab. I guess it's the best way to
learn how to protect myself from them.
ok.. enough of that...
I'm hoping someone could help with the following.

I have bumped several times into the DEBUG COMMAND exploit for Sendmail. I
get this using nessus scanner.
Like with all other vulnerabilities, I try to find the way to make it work,
without using any kind of scripts. (Remember... my goal here is to learn...
not actually the successful penetration of a system.)
The only information I get about this vulnerability is the one at
www.nessus.org home page and the one in here:
www.cert.org//advisories/CA-93.14.Internet.Security.Scanner.html

Can anybody point me to a script which I can study with to learn how this
exploit actually works? or a paper that describes something useful about
it? I only seem to find people that say.. "update the version of sendmail"
and things like that...
my question is "WHY?".

Regards,
ZekSata
