[4167] in WWW Security List Archive
Re: E-mail
daemon@ATHENA.MIT.EDU (Piers Cawley)
Wed Jan 29 08:17:54 1997
To: www-security@ns2.rutgers.edu
In-reply-to: Your message of "Tue, 28 Jan 1997 07:38:16 EST."
<9701280738.ZM27400@ws209012.lab.ny.smb.com>
Date: Wed, 29 Jan 1997 11:29:56 +0000
From: Piers Cawley <pdcawley@aladdin.net>
Errors-To: owner-www-security@ns2.rutgers.edu
> On Jan 25, 10:13am, Kevin Gannon wrote:
> > Subject: Re: E-mail
> > On Fri, 24 Jan 1997, Evil Pete wrote:
> >
> > > >I'd like to know if this program exists...
> > > >It's a program that u send an e-mail to someone...then.. it bring me back
> > > >the passwd file... I'd like to know this...
> > > >By xande
> > >
> > > it is bullshit unless the email contain a executable and you are dumb
> enough
> > > to run it....
> > >
> >
> > It is not bullshit if you are talking about UNIX boxes on older
> > version of Sendmail it was possible to get the passwd file mailed
> > out.
> >
> > Kev.
>
>
> Kevin is right. Check out some of the known SENDMAIL books out on the
> street. They talk about of the known problems of the older versions of
> sendmail and how to correct them. Also, might want to take a look
> at anything posted from CERT.
Indeed, CERT just posted that apparently it's possible, using a suitably evil
MIME message to persuade certain versions of sendmail to execute any arbitrary
command, with root priviledges -- you don't need the password file when you
can add something to it...
