
Re: [LI] root access from old sendmail boxes



Thus spake Sathya Rangaswamy:

> > Make hard link of /etc/passwd to /var/tmp/dead.letter
> Now why would I want to do that?  I do understand the sendmail bug.
> But if a hacker can get in and create the link why even bother linking,

The hard link is created by you on ~your~ box :)  As you see, you are
telnetting to that server - so it assumes that your box and the hackable
box are different.

Or did you assume you need to get an account from the server you want to
root, and do it on that?  [That can be done too <g>]

ps - This is a messy hack - leaves logs all over the place.  However, as
you are root, /var/log is accessible too ;)  I tried it with a brain dead
Solaris 2.5 [1] box on my LAN, and it worked.

[1] Solaris 2.5 (or any SunOS up to kernel 5.7) comes with sendmail
installed in stupid mode (anonymous open relay).  The sendmail is
seriously broken - and CAN'T be secured.  

Cure - Stop sendmail daemon, rm -rf all the sendmail directories and
install an 8.9.3 (or 8.10.0) tarball from ftp.sendmail.org (or the sunsolve
site).  QMail / Postfix / $MTA fans use whatever you please, after
deleting sendmail.

-- 
Suresh Ramasubramanian     | President, CAUCE India
r.suresh@xxxxxxxxxxxxxxx   | suresh@xxxxxxxxxxxxxxx
http://www.india.cauce.org | Stopping Spam In India
--
I've noticed several design suggestions in your code.
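
A defender-side check for the condition discussed in this thread, added as an example that is not part of the original post: it reports files under temp or spool directories that are hard links to /etc/passwd or another protected file. The function names, the scanned directories and the demo tree are assumptions made for illustration.

```python
import os
import tempfile

def find_hardlink_aliases(protected, scan_dirs):
    """Map each protected file to paths under scan_dirs that share its inode."""
    wanted = {}
    for path in protected:
        try:
            st = os.stat(path)          # follow symlinks to the real file
        except OSError:
            continue                    # missing file: nothing to alias
        wanted[(st.st_dev, st.st_ino)] = path
    hits = {path: [] for path in wanted.values()}
    for top in scan_dirs:
        for root, _dirs, files in os.walk(top):
            for name in files:
                cand = os.path.join(root, name)
                try:
                    st = os.lstat(cand)  # do not follow symlinks here
                except OSError:
                    continue
                owner = wanted.get((st.st_dev, st.st_ino))
                # Same device and inode under another name means a hard link.
                if owner and os.path.realpath(cand) != os.path.realpath(owner):
                    hits[owner].append(cand)
    return hits

def demo():
    """Constructed tree: etc/passwd hard-linked as var/tmp/dead.letter."""
    with tempfile.TemporaryDirectory() as base:
        etc = os.path.join(base, "etc")
        tmp = os.path.join(base, "var", "tmp")
        os.makedirs(etc)
        os.makedirs(tmp)
        passwd = os.path.join(etc, "passwd")
        with open(passwd, "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/sh\n")
        with open(os.path.join(tmp, "notes.txt"), "w") as fh:
            fh.write("unrelated file\n")
        os.link(passwd, os.path.join(tmp, "dead.letter"))
        hits = find_hardlink_aliases([passwd], [tmp])
        return [os.path.basename(p) for p in hits[passwd]]

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the protected files (for example /etc/passwd) and the directories to scan (for example /var/tmp); hard links cannot cross filesystems, so only directories on the same device as the protected file can match.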
