> > Moral: disable the program mailer!
> Yep. Actually, I leave it in, and replace it with a script
> that sends the admin a nice note including the mail message and
> all its command lines. You can catch the most amazing fish that
> way. One goof was mailing around a script to build a minimal sockd,
> intended to compile and execute on any firewall it could trigger
> the sendmail bug upon. Pretty nasty stuff.
Yeah, Scott Chasin posted that sendmail sockd script to Firewalls a while
ago. Fortunately, it only worked on SunOS 4.x. With some minor
modifications, it could work on AIX, Ultrix, etc. I believe CERT said
they reported a substantial break-in increase like the day after Scott
posted it also. ISS checks for that bug, and you would be surprised,
within a given site, how many machines pop up vulnerable, ready for any
intruder to pluck.
Christopher William Klaus Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc. Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.
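
The trap described in the quoted text above (a script put in place of the program mailer that sends the admin the message and its command line), sketched as an added example that is not code from either poster. The name `progtrap`, the `PROGTRAP_*` variables and the `/usr/sbin/sendmail` path are assumptions, as is wiring it in through the `P=` field of the `Mprog` line in sendmail.cf.

```shell
#!/bin/sh
# progtrap (hypothetical name): stand-in for sendmail's "prog" mailer.
# Assumption: the Mprog line in sendmail.cf has P= pointing at this file, so
# sendmail passes the command it would have run (typically "-c <command>") as
# arguments and the message on stdin. Nothing received is ever executed.

ADMIN="${PROGTRAP_ADMIN:-root}"                    # assumed report recipient
SENDMAIL="${PROGTRAP_SENDMAIL:-/usr/sbin/sendmail}" # assumed binary path
MAX_BYTES="${PROGTRAP_MAX_BYTES:-65536}"           # cap on copied message bytes

# build_report ARGS...: print a report of the arguments and of stdin.
build_report() {
    echo "To: $ADMIN"
    echo "Subject: prog mailer delivery attempt trapped"
    echo
    echo "Host: $(hostname 2>/dev/null || echo unknown)"
    echo "Time: $(date -u '+%Y-%m-%dT%H:%M:%SZ')"
    echo "Argument count: $#"
    i=0
    for arg in "$@"; do
        i=$((i + 1))
        # Replace non-printable bytes (newlines included) with '?' so a crafted
        # command line cannot add header lines or terminal escapes.
        printf 'arg[%d]: %s\n' "$i" "$(printf '%s' "$arg" | tr -c '[:print:]' '?')"
    done
    echo
    echo "----- message as received (first $MAX_BYTES bytes) -----"
    # Prefix every line so message content cannot pose as report text.
    head -c "$MAX_BYTES" | sed 's/^/| /'
    echo "----- end -----"
}

main() {
    build_report "$@" | "$SENDMAIL" -oi "$ADMIN"
    # Exit 0 so sendmail records a normal delivery and sends no bounce.
    exit 0
}

# Deliver only when installed under the name "progtrap"; under any other
# file name the functions are defined and nothing is read or sent.
case "${0##*/}" in
    progtrap) main "$@" ;;
esac
```
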