Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: about sendmail 8.8.8 HELO hole
From: zach () MAILHOST CLIPPER NET (Zach White)
Date: Tue, 26 May 1998 22:17:34 -0700


Valentin Pavlov wrote:
-----Original Message-----
From: Micha³ Zalewski <lcamtuf () boss staszic waw pl>
To: info () rootshell com <info () rootshell com>
Date: 10 stycznia 1998 12:28
Subject: Sendmail 8.8.8 (qmail?) HELO hole.


Here's a brief description of Sendmail (qmail) hole I found
recently:

When someone mailbombs you, or tries to send fakemail, spam, etc -
sendmail normally attachs sender's host name and it's address
to outgoing message:
*snip*

I just checked qmail to see if it was vunerable, and qmail 1.02 is
safe because it displays the host before the helo string (It also
displayed the complete helo string, about 2000 characters). Another
exploit in sendmail and still none for qmail. ;)

--
***** Zach White [/\] ClipperNet Internet Access Services *****
***** Finger zach () mailhost clipper net for public PGP key *****



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]