Bugtraq mailing list archives

Re: new sendmail bug?

From: Quentin.Fennessy () SEMATECH Org (Quentin Fennessy)
Date: Thu, 23 Feb 1995 13:19:05 -0600


Michael Van Norman <mvn () Library UCLA EDU> said:

The method I exploited was that of using newlines in the command
options.  By imbedding newlines in the recipient address, it is
possible to write extra lines to sendmail's queue file.  Carefully
chosen additions will let you run an arbitrary program as an arbitrary
user (except maybe root -- I cracked bin).


That is good news, Michael.  Seeing as this is a full-disclosure
list would you please publish details so we can test our own systems?
After all, computer science is an experimental science...

Quentin Fennessy

Current thread:

Re: new sendmail bug? Quentin Fennessy (Feb 23)
- Bugtraq mailing list QM Admin (Feb 22)
- New Sendmail hole (w/IDENT?) John Adams (Feb 22)
- SGI patch for sendmail hole Dave Schweisguth (Feb 23)
- Re: new sendmail bug? Neil Woods (Feb 23)
- Bugtraq mailing list badbird () nether net (Feb 23)
  - Forgery... Dave Horsfall (Feb 23)
  - sendmail testing *Hobbit* (Feb 24)
    - Re: sendmail testing Michael R. Widner (Feb 25)
    - Re: sendmail testing Yossi Gottlieb (Feb 26)
    - lpr/lpd problems Baba Z Buehler (Feb 26)

(Thread continues...)