On Mon, 18 Jan 1999, Olaf Seibert wrote: > 550 <rhialtoat_private@victim.some.where>... Relaying denied As you noticed, relaying is denied in your configuration ;P This attack is possible if relaying is enabled, and it allows multiple redirections trough protected or external networks, which shouldn't be allowed. For clearance - this problem IS PRESENT FOR SURE in 8.9.2, as well as DoS attack described in previous mail... If Sendmail developers don't believe me, I can post an exploit here, but iyt isn't really necessary, imho.... _______________________________________________________________________ Michal Zalewski [lcamtufat_private] [ENSI / marchew] [dione.ids.pl SYSADM] [http://linux.lepszy.od.kobiety.pl/~lcamtuf/] <=--=> bash$ :(){ :|:&};: [voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813] Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:29:10 PDT