The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #249 [Re: DANGER: UUCP *can* propogate the Worm] (1 message, 558 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/249.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: pleasant@aramis.rutgers.edu (Mel Pleasant)
To: phage
Date: Sun 21:15:28 13/11/1988 EST
Subject: Re: DANGER: UUCP *can* propogate the Worm
References: [Thread Prev: 246] [Thread Next: 275] [Message Prev: 242] [Message Next: 250]


Carl,
	Someone else pointed out a related problem with sendmail where
a local user can take advantage of the sendmail hole.  You probably
want to remove all references to tTd(0, 1) in the sendmail sources.
Its occurrences allow sendmail to run programs, append directly to
files (as recipients), or cause sendmail to include a list of names as
a mailing list (:include:).  All of these can be taken advantage of
with the particular debug option in question.  More than likely, you
wouldn't want the casual user to have access to any of these!!  -- Mel

END OF DOCUMENT