Re: [LI] root access from old sendmail boxes

[Suresh Ramasubramanian <r.suresh@xxxxxxxxxxxxxxx>]

> On Wed, 19 Jan 2000, Archan Paul wrote:

> > hi hi!! really cooool. I have already tested it on some ........

> Cracks like this aren't "cool" - they are a disgrace to our chosen OS,

Cracks are never cool, hacks (kernel hacks say) are :)

> It will take one major publicised breakin using a crack like this to make

These are already in considerable use (kidstuff, one might say).  First
around the hack / crack boards, then in Bugtraq, and then on
http://www.rootshell.com and also on CERT - which is one of the most
commonly visited sites re network security.  So it's not like I've just
found out something ultra new.

Remember, the versions of sendmail affected are over 4 years old!!

> Suresh - in future, don't publish the details of a crack, just the
> warnings.

Surprised nobody knew it :)  

This crack is so old, it's got whiskers on it.  And spammers / hackers
regularly use it, so that anyone with a few clues to rub together has
upgraded his sendmail.  That's not the only (kiddie level) crack for those
old distros btw - there are dozens of insecure ports, all with well
publicized cracks.

-- 
Suresh Ramasubramanian     | President, CAUCE India
r.suresh@xxxxxxxxxxxxxxx   | suresh@xxxxxxxxxxxxxxx
http://www.india.cauce.org | Stopping Spam In India
--
Happiness is a hard disk.

--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.