Bugtraq mailing list archives

Re: procmail / Sendmail - five bugs
From: robert.e.jones () CWO COM AU (Rob Jones)
Date: Tue, 21 Dec 1999 14:38:44 +1100


a) Sendmail (tested with 8.9.3 and previous) allows you to put mail
   addressed to eg. '|/bin/sh' (or any file) into mail queue. Fortunately,
   this queue file should contain also line like 'Croot' to be processed
   properly, while we have no idea how to put it there. But, anyway,
   seems to be dangerous - Sendmail should reject such crap immediately:

   /usr/sbin/sendmail -O 'DeliveryMode=d' '""|/bin/sh'

  (without these double-quotes, it _will_ immediately drop your message)

with or without these double-quotes the message is immediately dropped
on redhat linux with the message

[rob@greedo rob]$ /usr/sbin/sendmail -O 'DeliveryMode=d' '""|/bin/sh'
""|/bin/sh... User unknown

[rob@greedo rob]$ /usr/sbin/sendmail -O 'DeliveryMode=d' '|/bin/sh'
|/bin/sh... Cannot mail directly to programs

Same happens if I am root or try remotely.

Rob
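
A defender-side check for the queue concern quoted at the top of this message, as an added example that is not part of the original post or of Sendmail: it scans a queue control file for recipients that resolve to a program or a file and reports the controlling user in effect. The one-letter line codes (`R` with optional flags before a colon, `C` applying to the `R` lines after it), the `audit_qf` name and the sample file are assumptions constructed for illustration.

```python
import re

# Constructed sample of a queue control (qf) file; not taken from a real system.
SAMPLE_QF = '''\
V2
T945747524
P30000
Srob
RPFD:alice@example.com
RPFD:""|/bin/sh
Croot
RPFD:|/usr/bin/procmail
RPFD:/var/tmp/out
.
'''

# Assumed layout: optional per-recipient flags such as "PFD:" precede the address.
FLAGS = re.compile(r"^[A-Z]*:")


def audit_qf(text):
    """Return (lineno, address, kind, controlling_user) for program/file recipients."""
    findings = []
    controller = None  # assumed: set by a C line, applies to the R lines that follow
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("C"):
            # "Cuser" or "Cuser:alias"; keep only the user part
            controller = line[1:].split(":", 1)[0] or None
        elif line.startswith("R"):
            addr = FLAGS.sub("", line[1:], count=1)
            # Strip double quotes so '""|/bin/sh' is judged like '|/bin/sh'
            bare = addr.replace('"', "").strip()
            if bare.startswith("|"):
                kind = "program"
            elif bare.startswith("/"):
                kind = "file"
            else:
                continue
            findings.append((lineno, addr, kind, controller))
    return findings


if __name__ == "__main__":
    for lineno, addr, kind, user in audit_qf(SAMPLE_QF):
        print(f"line {lineno}: {kind} recipient {addr!r}, controlling user: {user}")
```
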

