|
Errors in the configuration or software of sendmail have repeatedly led to security leaks in the affected IT systems in the past (typically: Internet worm).
Example:
Through various publications it has become known that it is possible to obtain user IDs and group IDs which are set with the options u and g (normally daemon). To do this a pipe has to be indicated in the address fiels (From:) so that the mail is sent back. In the mail itself an error message has to be generated. Therefore, if you send an E mail containing
to an unknown recipient and use '/bin/sh ' as the sender address, that message will be returned as undeliverable which, in this case, is equivalent to the execution of a small shell-script. By means of this script, a shell with a set suid bit will be generated which has the user and group ID defined in sendmail.cf.
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |