Bugtraq mailing list archives

Re: Sendmail 8.8.x/8.9.x bugware

From: brozen () torah org (Brock Rozen)
Date: Mon, 18 Jan 1999 23:10:23 +0200


On Mon, 18 Jan 1999, Michal Zalewski wrote:

550 <rhialto () hacker some place else@victim.some.where>... Relaying denied


As you noticed, relaying is denied in your configuration ;P This attack is
possible if relaying is enabled, and it allows multiple redirections
trough protected or external networks, which shouldn't be allowed.


Is stuff like <nobody%example.com () victim some.where> allowed through?

--
Brock Rozen                                              brozen () torah org
Director of Technical Services                              (410)358-9800
Project Genesis                                     http://www.torah.org/

Current thread:

Re: SSH 1.x and 2.x Daemon, (continued)
- - - Re: SSH 1.x and 2.x Daemon Jim Bourne (Jan 25)
    - Re: backdoored tcp wrapper source code Wietse Venema (Jan 23)
    - LocalSecure Testing Program NSS SDT (Jan 21)
    - Re: backdoored tcp wrapper source code John Stange (Jan 24)
    - Advisory: IIS FTP Exploit/DoS Attack Marc (Jan 24)
    - Re: Advisory: IIS FTP Exploit/DoS Attack Seth McGann (Jan 24)
    - Re: Advisory: IIS FTP Exploit/DoS Attack Matt Conover (Jan 25)
    - IIS Advisory Marc (Jan 24)
- IIS 4 Request Logging Security Advisory mnemonix (Jan 22)
- Re: Sendmail 8.8.x/8.9.x bugware Michal Zalewski (Jan 18)
  - Re: Sendmail 8.8.x/8.9.x bugware Brock Rozen (Jan 18)
  - Linux 2.0.36 vulnerable to local port/memory DoS attack David Schwartz (Jan 19)
  - Re: Sendmail 8.8.x/8.9.x bugware Steve VanDevender (Jan 19)