WEB Resources

ex·ploit\'ek-sploit,'ik-\ 1 a: to put to productive use
b: to take advantage of

----------------------------------------------------

.oO General | Email | FTP | Sendmail Oo.

Sendmail Exploits: they take advantage of the abundant weaknesses that are constantly being found in sendmail...Just FYI, the Root? column is to identify whether or not it is necessary to have root privileges in order to execute the exploit. The other columns should be self explanatory...if you have any questions or find any errors, feel free to drop an email my way. Other than that, take it easy gang...

Regards,
Silicon Toad

----------------------------------------------------

FILE NAME SIZE EXPLOIT ROOT?
* sendmail 4.1 (5k) Execute commands remotely
* sendmail 5.x (1k) Issue a request twice and write to .rhosts file
* sendmail 5.55 (1k) Execute commands and grab passwd file
* sendmail 5.59 (1k) Append to .rhosts files
* sendmail 5.65[5_6.5(1)-sendmail.txt - MISSING] (15k) Tail creates a daemon shell (uid daemon or any user)
* sendmail 5.65[5_6.5(2)-sendmail.txt - MISSING] (2k) Backdoors via 'wiz' and 'debug' commands
* sendmail 8.6.x (1k) Read a file that you just executed
* sendmail 8.6.4 (8k) Shows how to obtain a root shell
* sendmail 8.6.5 (14k) Problem running as owner of :include files
* sendmail 8.6.7 (1k) Allows anyone to read any file (including passwd)
* sendmail 8.6.9 (2k) Bogus values in command lines can put trash in headers and queue files
* sendmail 8.6.9 (6k) Send files (ie passwd) to an account you specify
* sendmail 8.6.9 (2k) IDENT information could end up in queue files
* sendmail 8.6.10 (6k) Append bogus cahracters and newlines to queue file
* sendmail 8.6.12 (4k) Destroy alias file by setting resource limits
* sendmail 8.6.12 (1k) .forward files can be symliks - may allow reading of files
* sendmail 8.7-8.8.2 (7k) smtpd bug - creates root shell in /tmp
* sendmail 8.7.5 (8k) Local user can gain root privaledges
* sendmail 8.8.0 (4k) Execute arbitrary commands as root via mime7to8() function
* sendmail-quota (11k) Hide files from your quota program
* sendmail-exploits (20k) A list of various sendmail exploits (as listed above)
* sendmail-bug (1k) Read any file

--------------------------------------------------

Top silicon@netwalk.com Disclaimer

Copyright © 1995-1997 Silicon Toad
Thou Shalt Not Copy
silicon@netwalk.com
Latest Revision: 01.Apr.1997 


  _________.___.____    .____________  ________    _______
 /   _____/|   |    |   |   \_   ___ \ \       \   \      \
 \_____  \ |   |    |   |   /    \  \/ |   |    \  /   |   \
 /        \|   |    |___|   \     \____|   |     \/    |    \
/  _____  /|___|________|___|\________/\_________/\  __|__  /
| /     \/         [   T    O    A    D   ]        \/     \ |
|(                                                         )|
('                                                         ')