[4067] in WWW Security List Archive
Re: E-mail
daemon@ATHENA.MIT.EDU (Hong)
Sat Jan 25 13:47:19 1997
To: Evil Pete <shipley@dis.org>
Cc: xande <xande@venus.rdc.puc-rio.br>, www-security@ns2.rutgers.edu
Reply-To: chong@tip.com.sg
In-Reply-To: Your message of "Fri, 24 Jan 1997 11:33:39 PST."
<199701241933.LAA24512@merde.dis.org>
Date: Sun, 26 Jan 1997 00:36:38 +0800
From: Hong <chong@b96.tip.com.sg>
Errors-To: owner-www-security@ns2.rutgers.edu
-----BEGIN PGP SIGNED MESSAGE-----
Content-Type: text/plain; charset=us-ascii
> >I'd like to know if this program exists...
> >It's a program that u send an e-mail to someone...then.. it bring me back
> >the passwd file... I'd like to know this...
> >By xande
>
> it is bullshit unless the email contain a executable and you are dumb enough
> to run it....
Hi,
I think this was a problem with some ancient sendmails.
Several old sendmail bugs would allow you to execute arbitary
commands on a system. The passwd file can certainly be obtained
using the old decode fxn if shadow passwd is not in place.
regards,
Hong
- - pub 1024/789D2CA9 1996/01/12 Shyue-Hong Chuang <chong@tip.com.sg> -
PGP fingerprint = C6 59 5A 94 D5 6C D7 EC 55 A3 66 E6 5E 94 35 AD
tel : +65 XXX-XXXX url : http://www.tip.com.sg/~chong
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBMuo2lczSxYN4nSypAQGWNAP+LpiJOk9+HhG8BQzz5z99yLLqxXDfh3t4
sPgANk+FWx6VFqcRY14TrsU6UqhxI2deWXEkNJ7wF1olZPLUXFhYfEO6jNy2OsoY
HxB0LvkfAQ5ODbL2BXyn8R9obl6d5vrO6dsUDeYwFRFIV13/AHxwPrDvPeOV7M4N
i7lqXlqRd1k=
=BpgZ
-----END PGP SIGNATURE-----
