[1124] in bugtraq
Re: Gopher attack? (not a sighting just a question)
daemon@ATHENA.MIT.EDU (Mike Shaver)
Mon Feb 27 18:30:57 1995
From: mshaver@schoolnet.carleton.ca (Mike Shaver)
To: fc@all.net (Dr. Frederick B. Cohen)
Date: Mon, 27 Feb 1995 17:03:41 -0500 (EST)
Cc: bugtraq@fc.net
In-Reply-To: <9502271349.AA21814@all.net> from "Dr. Frederick B. Cohen" at Feb 27, 95 08:49:15 am
Dr. Frederick B. Cohen mumbled something vague about:
>
> I was thinking about the sendmail attack working from the inside as
> opposed to the outside and it occured to me that gopher sends email
> (upon request) to transmit a file to the person using the gopher server.
> Could this be used (by sending the mail to another user on the gopher
> server) to launch the sendmail attack as an insider? Probably not,
> but I just thought I'd ask.
I believe that the client does the mailing, not the server.
If that's the case, then I don't think you'd get a significantly greater
risk. Especially since the attack would only work if the identd on the
user's machine is hostile. Or am I missing some subtle interaction between
the client and the mail system?
Mike
