[3624] in bugtraq
Re: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2).
daemon@ATHENA.MIT.EDU (Alan Brown)
Sun Nov 17 13:43:51 1996
Date: Sun, 17 Nov 1996 23:54:47 +1300
Reply-To: Alan Brown <alan@manawatu.gen.nz>
From: Alan Brown <alan@manawatu.gen.nz>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199611160109.EAA04160@leshka.chuvashia.su>
On Sat, 16 Nov 1996, Leshka Zakharoff wrote:
> # This is exploit for sendmail smtpd bug
How many of these exploits are thwarted by setting sendmail.cf's
O RunAsUser=postmaster switch, making /var/spool/mail and var/spool/mqueue
664 postmaster.mail and giving postmaster a shell of /bin/false (C
version, compiled -Bstatic.)
AB
