Great Circle Associates Firewalls
(November 1993) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Sendmail bug (feature ?) - is this it ?
From: scott @ santafe . edu
Date: Mon, 1 Nov 93 14:43:21 MST
To: gt6468c @ prism . gatech . edu (Christopher Klaus)
Cc: chasin @ crimelab . com (Scott Chasin), firewalls @ GreatCircle . COM
In-reply-to: Your message at 15:59:33 on Mon, 1 November 1993
References: <199311012059 . AA18851 @ prism . gatech . edu> <9311011827 . AA01182 @ crimelab> 
>>>>> "Christopher" == Christopher Klaus <gt6468c @
 prism .
 gatech .
 edu> writes:
>> This *IS* not the complete exploit.  There was a crucial step to the exploit
>> that was left out.  I do think the person who dumped the above to IRC
>> intentionally left the step out.

Yes, I intentionally left the crucial step out... 

Christopher> I think anyone who has played with sendmail could figure
Christopher> out the step.  All you need to do is send a message to a
Christopher> correct address, before trying to send to '| sed...'.

oh?

did you TRY what you just said?


sfi[666]% telnet mailhost smtp
Trying 192.12.12.1 ...
Connected to sfi.
Escape character is '^]'.
220 sfi.santafe.edu Sendmail 4.1/SMI-4.1 ready at Mon, 1 Nov 93 14:45:21 MST
mail from: scott
250 scott... Sender ok
rcpt to: scott
250 scott... Recipient ok
data
354 Enter mail, end with "." on a line by itself
References:
Indexed By Date Previous: Re: Sendmail bug (feature ?) - is this it ?
From: wietse @ wzv . win . tue . nl (Wietse Venema)
Next: Re: Sendmail bug (feature ?) - is this it ?
From: mjr @ TIS . COM
Indexed By Thread Previous: Re: Sendmail bug (feature ?) - is this it ?
From: "Perry E. Metzger" <pmetzger @ lehman . com>
Next: Re: Sendmail bug (feature ?) - is this it ?
From: Christophe Wolfhugel <Christophe . Wolfhugel @ grasp . insa-lyon . fr>
Google
 
Search Internet Search www.greatcircle.com