Re: Sendmail 8.8.x/8.9.x bugware

From: Michal Zalewski (lcamtufat_private)
Date: Mon Jan 18 1999 - 09:04:08 PST

Next message: Mr. joej: "Remote Cisco Identification"

Previous message: tschweikat_private: "Win95/98 SMB Authentication Vulnerability (fwd)"
Next in thread: Brock Rozen: "Re: Sendmail 8.8.x/8.9.x bugware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 18 Jan 1999, Olaf Seibert wrote:

> 550 <rhialtoat_private@victim.some.where>... Relaying denied

As you noticed, relaying is denied in your configuration ;P This attack is
possible if relaying is enabled, and it allows multiple redirections
trough protected or external networks, which shouldn't be allowed.

For clearance - this problem IS PRESENT FOR SURE in 8.9.2, as well as DoS
attack described in previous mail... If Sendmail developers don't believe
me, I can post an exploit here, but iyt isn't really necessary, imho....

_______________________________________________________________________
Michal Zalewski [lcamtufat_private] [ENSI / marchew] [dione.ids.pl SYSADM]
[http://linux.lepszy.od.kobiety.pl/~lcamtuf/] <=--=> bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [pager (MetroBip): 0 642 222 813]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]

Next message: Mr. joej: "Remote Cisco Identification"
Previous message: tschweikat_private: "Win95/98 SMB Authentication Vulnerability (fwd)"
Next in thread: Brock Rozen: "Re: Sendmail 8.8.x/8.9.x bugware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:29:10 PDT