> I just read the new CERT advisory on the sendmail bug.. anybody have any > details? No details, but I have confirmed part of it on one of my AIX boxes. > I gathered it had something to do with imbedding newlines in > either the info it reads from identd and/or imbedding newlines > when giving it command line options.. but it's hard to say. The method I exploited was that of using newlines in the command options. By imbedding newlines in the recipient address, it is possible to write extra lines to sendmail's queue file. Carefully chosen additions will let you run an arbitrary program as an arbitrary user (except maybe root -- I cracked bin). -- Michael Van Norman mvn@library.ucla.edu Library Information Systems/Development +1.310.206.5579 (voice) University of California, Los Angeles +1.310.206.2880 (facsimile) 11334 University Research Library http://www.library.ucla.edu/~mvn Los Angeles, California 90095-1575