Bugtraq mailing list archives
Sendmail Vulnerability.
From: alan () MANAWATU GEN NZ (Alan Brown)
Date: Tue, 15 Apr 1997 09:34:40 +1200
In mail going back and forth with Eric Allman and the sendmail team regarding the massive amount of spamming that's happening using forged HELOs and other bits'n'pieces, the following item came up:

Sendmail does not do a forward DNS crosscheck on the PTR record associated with incoming IPs.

IE, given control of a netblock's in-addr.arpa table, it is trivial to make mail appear to come from any named machine on the planet and only a manual lookup on the IP will show the lie.

I've switched sendmail to being called out of inetd.conf with a PARANOID hosts.deny entry.

In light of the tactics that various spammers are using - particularly Quantcom.com (supplied by AGIS), I expect that they'll start using DNS spoofing shortly.

Quantcom is the most aggressive site at the moment and have started sending spam with threats attached. I am currently taking upwards of 80 items per day in my admin mailboxes, relayhosted through a different site almost every time.

Currently I have some 135 hosts.deny lines against sendmail to lock out problem netblocks and domains. IMO if they're prevented from accessing the sendmail process it's a good thing, particularly as when calling it with -bs from inetd.conf, many of the load-reducing checks are bypassed. :-(

AB
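The forward crosscheck described in the message above, as an added example that is not part of the original post: the PTR name for a connecting IP is accepted only if that name resolves back to the same IP. The function names, the injectable lookup parameters and the zone data (documentation address ranges, made-up host name) are constructed for illustration.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_forward(name):
    """A/AAAA lookup via the system resolver; returns a list of addresses."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []


def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, name); the PTR name counts only if it maps back to ip."""
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    return ("confirmed", name.rstrip(".").lower())
            except ValueError:
                continue  # skip malformed resolver output
    return ("mismatch", names[0].rstrip(".").lower())


# Constructed sample data: the second PTR entry is published by whoever
# controls that netblock's in-addr.arpa zone and claims another site's name.
PTR = {"192.0.2.10": ["mail.example.org."], "203.0.113.7": ["mail.example.org."]}
A = {"mail.example.org.": ["192.0.2.10"]}


def sample_verdicts():
    """Run the check over the constructed data without touching the network."""
    ips = ("192.0.2.10", "203.0.113.7", "198.51.100.1")
    return {ip: fcrdns(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, [])) for ip in ips}
```

Called with only an IP, `fcrdns` uses the system resolver; a "mismatch" verdict is the case where the reverse zone names a host whose forward records do not include the connecting address.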