Penetration Testing mailing list archives
Re: [PEN-TEST] Debug command on Sendmail
From: George Gales <george_gales () NON AGILENT COM>
Date: Wed, 13 Sep 2000 12:50:33 -0600
Ok, this one's pretty ancient, I'll explain how it works.

Basically, sendmail's DEBUG command is evil because an unauthenticated user can kill sendmail remotely. Simply telnet to the vulnerable sendmail server on port 25, type DEBUG and press enter. If you get "200 Debug set" in response, you're vulnerable. Then you can type KILL and press enter, and sendmail aborts and dies.

The only locatable version of sendmail I found that was vulnerable was Sendmail 5.58. Recent versions don't allow debug mode, and will log attempts to use it.

Also, check out the old WIZ command (wizard mode) - a simple misconfiguration in the config file allows folks to use the WIZ command with no password at all. Check out www.securityfocus.com vulnerability database, as well as the CVE database at http://cve.mitre.org.

The hardest part is getting hold of an old enough version of sendmail, for that I've used FileWatcher at http://filewatcher.org - even normal search engines work ok if you know the filename you're looking for.

Enjoy!

-Simon
george_gales () non agilent com

-----Original Message-----
From: DonSata (ZekSata) [mailto:zeksata () UNICRAFT COM]
Sent: Tuesday, September 12, 2000 11:33 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Debug command on Sendmail

Hi there,

I'm not a security expert and probably very far from getting there... anyhow I'm making a really big effort to get to it. =)

I've been an active reader of all comments in all the security related mailing lists and have been trying to exercise all kinds of exploits and penetration tests in my own home-built lab. I guess it's the best way to learn how to protect myself from them.

ok.. enough of that... I'm hoping someone could help with the following.

I have bumped several times into the DEBUG COMMAND exploit for Sendmail. I get this using nessus scanner. Like with all other vulnerabilities, I try to find the way to make it work, without using any kind of scripts. (Remember... my goal here is to learn... not actually the successful penetration of a system.)

The only information I get about this vulnerability is the one at www.nessus.org home page and the one in here: www.cert.org//advisories/CA-93.14.Internet.Security.Scanner.html

Can anybody point me to a script which I can study with to learn how this exploit actually works? or a paper that describes something useful about it? I only seem to find people that say.. "update the version of sendmail" and things like that... my question is "WHY?".

Regards,
ZekSata
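
The manual check described in the reply above, as an added example that is not part of the original post or of any scanner: it sends DEBUG and WIZ to a lab server you run, records whether each command is accepted, and then sends only QUIT. All function names and the `audit_host` parameters are assumptions of this example.

```python
import socket

# Added example; names are assumptions, not sendmail or Nessus code.
PROBES = ("DEBUG", "WIZ")  # the two legacy commands named in the post


def read_reply(stream):
    """Read one SMTP reply (possibly multi-line) and return (code, text)."""
    lines = []
    while True:
        raw = stream.readline()
        if not raw:                          # peer closed the connection
            break
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":  # "250-" marks a continuation
            break
    return (lines[-1][:3] if lines else ""), "\n".join(lines)


def classify(code):
    """2xx: the server accepted the command; 4xx/5xx: it refused it."""
    if len(code) == 3 and code.isdigit():
        if code[0] == "2":
            return "accepted"
        if code[0] in "45":
            return "rejected"
    return "unknown"


def audit(stream):
    """Send each probe once over an open SMTP stream, then QUIT."""
    results = {}
    read_reply(stream)                       # discard the 220 greeting
    for cmd in PROBES:
        stream.write(cmd.encode("ascii") + b"\r\n")
        stream.flush()
        code, text = read_reply(stream)
        results[cmd] = (classify(code), text)
    stream.write(b"QUIT\r\n")
    stream.flush()
    return results


def audit_host(host, port=25, timeout=10):
    """Audit a lab server you run; host and port come from the caller."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rwb") as stream:
            return audit(stream)
```

An "accepted" result for either command means the server should be upgraded or have the command disabled in its configuration.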