Re: Hey the crackers have a new twist 8-(.
Brent Chapman (brent@greatcircle.com)
Sat, 26 Mar 1994 11:23:30 -0800
Sean McLinden <sean+@andrew.cmu.edu> writes:
#
# [Description of mailing a script to a shell on sendmail-based systems deleted.]
I think you missed John's point. It wasn't that crackers were trying
to trick sendmail into running shell scripts; that's old hat. The
point was that _what_ they were attempting to trick sendmail into
running was something clearly designed to work from within a
SOCKS-guarded network. That they were attempting to introduce the
program using old Sendmail bugs is of minor importance.
# This "sort of attack" was the basis for the Morris Internet Worm which
# attracted (inter)national attention a few years back (I always preferred
# the term "Trojan Horse") This "feature" of sendmail and some other
# Unix-based mailers was well documented and, frankly, I am astounded that
# any person who collected a paycheck as a security officer for Unix
# systems would not know about this. In fact, one of the ironies of the
# Morris incident was that Morris used a feature which was actually well
# known in the Unix community and for which the security implications were
# also well known.
This is real close to a flame against John and his client. There's
no place for such on the Firewalls mailing list. If you've got
something technical to contribute, great, but if what you've got to
say is essentially "gee, how could you be so stupid?", then just keep
it to yourself or send it via private email; don't include the
Firewalls mailing list.
-Brent
--
Brent Chapman Great Circle Associates
Brent@GreatCircle.COM 1057 West Dana Street
+1 415 962 0841 Mountain View, CA 94041