[9108] in bugtraq
Re: Sendmail 8.8.x/8.9.x bugware
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Mon Jan 18 15:02:17 1999
Date: Mon, 18 Jan 1999 18:04:08 +0100
Reply-To: Michal Zalewski <lcamtuf@IDS.PL>
From: Michal Zalewski <lcamtuf@IDS.PL>
X-To: Olaf Seibert <rhialto@polder.ubc.kun.nl>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199901181653.RAA05911@polder.ubc.kun.nl>
On Mon, 18 Jan 1999, Olaf Seibert wrote:
> 550 <rhialto@hacker.some.place.else@victim.some.where>... Relaying denied
As you noticed, relaying is denied in your configuration ;P This attack is
possible if relaying is enabled, and it allows multiple redirections
trough protected or external networks, which shouldn't be allowed.
For clearance - this problem IS PRESENT FOR SURE in 8.9.2, as well as DoS
attack described in previous mail... If Sendmail developers don't believe
me, I can post an exploit here, but iyt isn't really necessary, imho....
_______________________________________________________________________
Michal Zalewski [lcamtuf@ids.pl] [ENSI / marchew] [dione.ids.pl SYSADM]
[http://linux.lepszy.od.kobiety.pl/~lcamtuf/] <=--=> bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
