>>>>> "Christopher" == Christopher Klaus <gt6468c @
>> This *IS* not the complete exploit. There was a crucial step to the exploit
>> that was left out. I do think the person who dumped the above to IRC
>> intentionally left the step out.
Yes, I intentionally left the crucial step out...
Christopher> I think anyone who has played with sendmail could figure
Christopher> out the step. All you need to do is send a message to a
Christopher> correct address, before trying to send to '| sed...'.
did you TRY what you just said?
sfi% telnet mailhost smtp
Trying 220.127.116.11 ...
Connected to sfi.
Escape character is '^]'.
220 sfi.santafe.edu Sendmail 4.1/SMI-4.1 ready at Mon, 1 Nov 93 14:45:21 MST
mail from: scott
250 scott... Sender ok
rcpt to: scott
250 scott... Recipient ok
354 Enter mail, end with "." on a line by itself