[AusNOG] New Sendmail hole

Vitaly Osipov vitaly.osipov at gmail.com
Tue Sep 21 07:21:11 EST 2010


Look how far we've come in 22 years :)


On 20/09/10 7:54 PM, "Lawrence Steven Forster"
<lawrence.steven.forster at gmail.com> wrote:

> Hi List,
> 
> Apparently there is a bug with (ironically) the DEBUG command in
> sendmail where you can pipe command lines in where a recipient address
> is expected.  I can confirm SunOS 4 is vulnerable and we have been
> seeing it come in for the last couple of days over both the dial-ins
> and AUSTPAC.
> 
> I hope it will be fixed soon; I fear it is only a matter of time
> before some of the more clever crackers leverage bugs like these into
> a kind of autonomous distributed exploit that cracks one host then
> uses that host as a staging point to attack more.  Such a thing could
> have terrible consequences for networks and operators everywhere.
> 
> Regards,
> 
> --
> ------------------------------------------
> Lawrence Steven Forster
> munnari!googlevax!gmail!lsf
> ------------------------------------------
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog





More information about the AusNOG mailing list