Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3)

From: "Ram'on Reyes Carri'on" <ramon () cimat mx>
Date: Fri, 6 Jul 2001 09:54:01 -0500 (CDT)
Hi!

Yes it is true! It works, with a small change in the example to match the
string in my script (I had to customize it initially).

A quick workaround that I have just applied is to make sure that the
string does not contain /sendmail/ so it cannot be injected into syslog
via sendmail (may be injected some other way!).

Hope this helps while, a better solution is suggested.

Regards,
Ramon.

On Tue, 3 Jul 2001, Andrea Barisani wrote:


Hi to all,


[...]


The syslog string searched by the script is in this form for the qpop
server
      
/POP login by user \"[\-\_\w]+\" at \(.+\) ([0-9]\.]+)/)

On some cobalt raq3 servers (with the poprelayd add-on packet installed )  
and in general on any system running the poprelayd script with sendmail is
possible to "inject" this string in the syslog using sendmail logging. So
anyone can insert a fake string with his own IP wich will be parsed by
poprelayd and that will permit the use of sendmail as a relay.


[...]
-----------------------------------------------------------------------------
       CIMAT                                 Ramon Reyes Carrion            
  Apdo. Postal 402                          e-mail:ramon () cimat mx
36000 Guanajuato, Gto.                   Tel (52) (473) 27155 Ext 49571
      MEXICO                                 Fax (52) (473) 25749.
 http://www.cimat.mx/
Previous By Date Next
Previous By Thread Next

Current thread: