Bugtraq mailing list archives
Re: Gopher attack? (not a sighting just a question)
From: mshaver () schoolnet carleton ca (Mike Shaver)
Date: Mon, 27 Feb 1995 17:03:41 -0500 (EST)
Dr. Frederick B. Cohen mumbled something vague about:
I was thinking about the sendmail attack working from the inside as opposed to the outside and it occured to me that gopher sends email (upon request) to transmit a file to the person using the gopher server. Could this be used (by sending the mail to another user on the gopher server) to launch the sendmail attack as an insider? Probably not, but I just thought I'd ask.
I believe that the client does the mailing, not the server. If that's the case, then I don't think you'd get a significantly greater risk. Especially since the attack would only work if the identd on the user's machine is hostile. Or am I missing some subtle interaction between the client and the mail system? Mike
Current thread:
- Maybe *THIS* will help. *Hobbit* (Feb 24)
- Sendmail fixkit David Brownlee (Feb 25)
- Re: Sendmail fixkit bob () unix worldcom com (Feb 25)
- Lotus Notes (was Re: Sendmail Fixkit) Matthew J Brown (Feb 26)
- Re: Sendmail fixkit Christian Wettergren (Feb 27)
- Re: Sendmail fixkit (/ in addresses) David Brownlee (Feb 27)
- Gopher attack? (not a sighting just a question) Dr. Frederick B. Cohen (Feb 27)
- Re: Gopher attack? (not a sighting just a question) Mike Shaver (Feb 27)
- Re: Gopher attack? (not a sighting just a question) Albert Lunde (Feb 27)
- Re: Sendmail fixkit bob () unix worldcom com (Feb 25)
- Sendmail fixkit David Brownlee (Feb 25)
- another Web bitchout *Hobbit* (Feb 25)
- Re: another Web bitchout Stephen D. Williams (Feb 25)
- Re: A (possibly) better way to get input integrity Charles Howes (Feb 26)