Bugtraq mailing list archives

Re: New Sendmail bug


From: phro () SEGFAULT RES WPI EDU (Jeffrey Moyer)
Date: Mon, 24 Mar 1997 08:44:07 -0500


On Sat, 22 Mar 1997 C0WZ1LL4 () NETSPACE ORG wrote:

Hello fellow mongoloids
Try this:
Make hard link of /etc/passwd to /var/tmp/dead.letter
Telnet to port 25, send mail from some bad email address to some unreachable host.
Watch your message get appended to passwd.
ie:
cowzilla::0:0:c0wz1ll4 0wns u:/:/bin/sh

Okay, here is a very very simple kluge to temporarily fix it.  Create a
file /var/tmp/dead.letter with chmod 0644 perms.  That way no one can make
the hard link to /etc/passwd, b/c the file /var/tmp/dead.letter already
exists.

        -phro

=====================================================================
phro () wpi edu                                            Jeffrey Moyer
                        network operations
                         net-ops () wpi edu
                Linux - The Choice of a GNU Generation
                  http://segfault.res.wpi.edu/~phro
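
The workaround in the reply above can be checked with a small audit of the placeholder file. This is an added example, not part of the original post; it goes slightly beyond the post by also flagging a symlink at that name and a parent directory without the sticky bit. The function names `audit_dead_letter` and `mode_of` are hypothetical, and root ownership (uid 0) is an assumed default.

```shell
#!/bin/sh
# Added example (not from the thread): audit the placeholder described above.
# audit_dead_letter PATH [OWNER_UID] prints one verdict; returns 0 only for "ok".
# Usage: audit_dead_letter /var/tmp/dead.letter 0

# First 10 characters of the `ls -l` mode string, e.g. "-rw-r--r--".
mode_of() {
    ls -ldn -- "$1" | cut -c1-10
}

audit_dead_letter() {
    p=$1
    want_uid=${2:-0}          # assumption: placeholder is owned by root

    # A symlink at this name redirects the append just as a hard link would.
    if [ -L "$p" ]; then echo "symlink"; return 1; fi
    # Name still free: the workaround has not been applied.
    if [ ! -e "$p" ]; then echo "missing"; return 1; fi
    if [ ! -f "$p" ]; then echo "not-regular"; return 1; fi

    # Fields of `ls -ldn`: mode, link count, numeric uid, ...
    set -- $(ls -ldn -- "$p")
    nlink=$2
    uid=$3

    # A link count above 1 means the same inode has another name somewhere.
    if [ "$nlink" -ne 1 ]; then echo "hardlinked"; return 1; fi
    if [ "$uid" -ne "$want_uid" ]; then echo "wrong-owner"; return 1; fi
    if [ "$(mode_of "$p")" != "-rw-r--r--" ]; then echo "wrong-mode"; return 1; fi

    # In a world-writable directory without the sticky bit, any user could
    # rename or delete the placeholder and take the name back.
    case $(mode_of "$(dirname -- "$p")") in
        ????????w[!tT]) echo "dir-not-sticky"; return 1 ;;
    esac

    echo "ok"
}
```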


