[AusNOG] New Sendmail hole

Lawrence Steven Forster lawrence.steven.forster at gmail.com
Mon Sep 20 19:54:46 EST 2010


Hi List,

Apparently there is a bug with (ironically) the DEBUG command in
sendmail where you can pipe command lines in where a recipient address
is expected.  I can confirm SunOS 4 is vulnerable and we have been
seeing it come in for the last couple of days over both the dial-ins
and AUSTPAC.

I hope it will be fixed soon; I fear it is only a matter of time
before some of the more clever crackers leverage bugs like these into
a kind of autonomous distributed exploit that cracks one host then
uses that host as a staging point to attack more.  Such a thing could
have terrible consequences for networks and operators everywhere.

Regards,

--
------------------------------------------
Lawrence Steven Forster
munnari!googlevax!gmail!lsf
------------------------------------------
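
Added example, not part of the original post: a defender-side scan of logged client SMTP lines for the two signs the message describes, the DEBUG verb and a recipient that begins with a pipe. The session data, function names and finding labels are constructed for illustration, and it assumes only client-side lines are logged, so any DATA command is treated as starting a message body.

```python
import re

# Matches "RCPT TO:" with or without angle brackets and captures the address.
RCPT_RE = re.compile(r"^RCPT\s+TO:\s*<?\s*(.*?)\s*>?\s*$", re.IGNORECASE)

# Constructed client-side SMTP lines (not real traffic); piped values are placeholders.
SAMPLE_SESSIONS = {
    "benign": ["HELO client.example", "MAIL FROM:<alice@example.org>",
               "RCPT TO:<bob@example.net>", "DATA", "Subject: debug notes",
               "debug", 'RCPT TO:<"|quoted-in-body">', ".", "QUIT"],
    "suspect": ["HELO client.example", "debug", "MAIL FROM:<carol@example.org>",
                'RCPT TO:<"|PLACEHOLDER-COMMAND">', "DATA", "body", ".", "QUIT"],
}

def recipient_is_piped(addr):
    """True when the recipient, after optional quotes, starts with a pipe."""
    return addr.strip().strip('"').lstrip().startswith("|")

def scan_session(lines):
    """Return (line_number, finding) tuples for one session's client lines."""
    findings = []
    in_data = False
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if in_data:
            # Message body: text here is mail content, not SMTP commands.
            if line == ".":
                in_data = False
            continue
        cmd = line.strip()
        verb = cmd.split(None, 1)[0].upper() if cmd else ""
        if verb == "DEBUG":
            findings.append((n, "debug-verb"))
        elif verb == "DATA":
            in_data = True
        else:
            m = RCPT_RE.match(cmd)
            if m and recipient_is_piped(m.group(1)):
                findings.append((n, "piped-recipient"))
    return findings

def scan_all(sessions):
    """Scan every named session and map its name to its findings."""
    return {name: scan_session(lines) for name, lines in sessions.items()}

if __name__ == "__main__":
    for name, hits in scan_all(SAMPLE_SESSIONS).items():
        print(name, hits or "clean")
```

The benign session carries the same strings inside the message body, which the scan skips because they are mail content rather than commands.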


