Old sendmail bugs

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Craig Metz: "Re: Various resources"
• Previous message: Timothy Newsham: "Re: Security Info (root broken)"

Subject: Old sendmail bugs

  I was playing with the old sendmail bug of:
rcpt to: /file/name
mail from: bob
data
<garbage>
 .
rcpt to: /file/name
mail from: bob
data
<data you want put into file>
 .

  I haven't actually seen this one work, so I'm not sure how the error
messages look, but I did notice every Berkeley sendmail around 5.[56].x
acts strangely: it will actually accept the second rcpt to: and accept
whatever data you want to throw at it, but then seems to do nothing with it. 
Is the bug still there, and I'm just missing how to exploit it, or is it
"supposed" to look like you broke sendmail?

  Is there any way to tell (without running a script with the above and logging
into the machine I'm testing) to tell if the machine is vulnerable?

  Thanks!

-Mike

• Next message: Craig Metz: "Re: Various resources"
• Previous message: Timothy Newsham: "Re: Security Info (root broken)"