Bugtraq mailing list archives
Re: SECURITY HOLE: FormMail
From: neil () legless demon co uk (Neil Woods)
Date: Sat, 5 Aug 1995 10:26:35 +0100
| Just to be helpful, the way to do it more safely, without massive | need for checking is to build a complete mail message, including | header, and hand that to "sendmail -t" which then reads the recipient | information out of the constructed header. [Sendmail should of course | be an invocation of smail or pp, not the BSD program of that name, | given the history of problems that has had] I suspect this still wont take care of emails to pipes or files, i.e <|/bin/sh> or </.rhosts>, it is a legitimate, albeit unexpected, mail-command going to sendmail. So unless these two mode are totally stripped out of the sendmail, there will exist a vulnerability there, wont it?
No current version of sendmail (v8.*, any vendor supplied version) will allow mailing directly to programs or files. In order to deliver mail to a program or file, it must be indirect (ie. alias expansion, or from a users .forward file). Cheers, Neil -- Let the Mystery Be, So Watcha Want, Longing In Their Hearts, Hate My Way, M-Bike, Safari, Uncle June and Aunt Kiyoti, Daisy Dead Petals, Tuff Gnarl. ...like a badger with an afro throwing sparklers at the Pope...
Current thread:
- SECURITY HOLE: FormMail Paul Phillips (Aug 02)
- followup: local mail delivery der Mouse (Aug 03)
- Re: SECURITY HOLE: FormMail Christian Wettergren (Aug 03)
- PERL (was: Re: SECURITY HOLE: FormMail) VaX#n8 (Aug 07)
- Re: PERL (was: Re: SECURITY HOLE: FormMail) Philip Guenther (Aug 07)
- Guidelines for cgi-bin scripts Lee Silverman (Aug 08)
- Re: Guidelines for cgi-bin scripts Dave Andersen (Aug 08)
- Re: Guidelines for cgi-bin scripts Christian Wettergren (Aug 09)
- <Possible follow-ups>
- Re: SECURITY HOLE: FormMail Andrew Macpherson (Aug 03)
- Re: SECURITY HOLE: FormMail Christian Wettergren (Aug 04)
- Re: SECURITY HOLE: FormMail Neil Woods (Aug 05)
- More holes, was: Re: SECURITY HOLE: FormMail Ivo (Aug 05)
- My email handler, ~ escapes, etc. Tom (Aug 05)
- Simple CGI email handler, fixed Tom (Aug 05)
- Re: SECURITY HOLE: FormMail Christian Wettergren (Aug 04)
- Re: SECURITY HOLE: FormMail Andrew Macpherson (Aug 04)
- Re: SECURITY HOLE: FormMail Jukka Ukkonen (Aug 07)