[AusNOG] New Sendmail hole
Vitaly Osipov
vitaly.osipov at gmail.com
Tue Sep 21 07:21:11 EST 2010
Look how far we've come in 22 years :)
On 20/09/10 7:54 PM, "Lawrence Steven Forster"
<lawrence.steven.forster at gmail.com> wrote:
> Hi List,
>
> Apparently there is a bug with (ironically) the DEBUG command in
> sendmail where you can pipe command lines in where a recipient address
> is expected. I can confirm SunOS 4 is vulnerable and we have been
> seeing it come in for the last couple of days over both the dial-ins
> and AUSTPAC.
>
> I hope it will be fixed soon; I fear it is only a matter of time
> before some of the more clever crackers leverage bugs like these into
> a kind of autonomous distributed exploit that cracks one host then
> uses that host as a staging point to attack more. Such a thing could
> have terrible consequences for networks and operators everywhere.
>
> Regards,
>
> --
> ------------------------------------------
> Lawrence Steven Forster
> munnari!googlevax!gmail!lsf
> ------------------------------------------
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
More information about the AusNOG
mailing list