[1058] in bugtraq
Re: new sendmail bug?
daemon@ATHENA.MIT.EDU (Quentin Fennessy)
Thu Feb 23 16:15:15 1995
Date: Thu, 23 Feb 1995 13:19:05 -0600
From: Quentin Fennessy <Quentin.Fennessy@SEMATECH.Org>
To: Michael Van Norman <mvn@Library.UCLA.EDU>
Cc: jwa@ecosys.nbs.nau.edu (James W. Abendschan), bugtraq@fc.net

Michael Van Norman <mvn@Library.UCLA.EDU> said:
> The method I exploited was that of using newlines in the command
> options. By imbedding newlines in the recipient address, it is
> possible to write extra lines to sendmail's queue file. Carefully
> chosen additions will let you run an arbitrary program as an arbitrary
> user (except maybe root -- I cracked bin).

That is good news, Michael. Seeing as this is a full-disclosure
list, would you please publish details so we can test our own systems?
After all, computer science is an experimental science...

Quentin Fennessy
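
Added example, not part of the original messages and not sendmail's own code: a C check that refuses any recipient address containing a newline or other control character before it is written to a line-oriented queue file, which is the class of flaw the quoted text describes. The one-record-per-line layout, the `R` record prefix, the 256-byte limit and all function names are assumptions of this simplified model.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 only if the address fits in exactly one queue-file line. */
int addr_is_single_line(const char *addr, size_t len)
{
    if (len == 0 || len > 256)          /* assumed length limit */
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)addr[i];
        if (c < 0x20 || c == 0x7f)      /* LF, CR, NUL and other controls */
            return 0;
    }
    return 1;
}

/* Append one record "R<addr>\n" to the in-memory queue image.
 * Returns 0 on success, -1 if the address is rejected or does not fit. */
int append_recipient(char *buf, size_t cap, const char *addr, size_t len)
{
    size_t used = strlen(buf);
    if (!addr_is_single_line(addr, len) || used + len + 3 > cap)
        return -1;
    buf[used] = 'R';                    /* assumed recipient record prefix */
    memcpy(buf + used + 1, addr, len);
    buf[used + 1 + len] = '\n';
    buf[used + 2 + len] = '\0';
    return 0;
}

/* Count the records a line-by-line reader of the queue image would see. */
int count_records(const char *buf)
{
    int n = 0;
    for (; *buf; buf++)
        if (*buf == '\n')
            n++;
    return n;
}

int main(void)
{
    char q[128] = "";
    const char *ok  = "user@example.org";                 /* constructed */
    const char *bad = "user@example.org\nXconstructed";   /* constructed */
    printf("clean address:    %d\n", append_recipient(q, sizeof q, ok, strlen(ok)));
    printf("embedded newline: %d\n", append_recipient(q, sizeof q, bad, strlen(bad)));
    printf("records in queue: %d\n", count_records(q));
    return 0;
}
```

The length is passed separately from the string so that an address carrying an embedded NUL is also checked in full rather than being cut short by `strlen`.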