Penetration Testing mailing list archives

Re: [PEN-TEST] Debug command on Sendmail


From: Max Vision <vision () WHITEHATS COM>
Date: Wed, 13 Sep 2000 10:38:50 -0700

On Tue, 12 Sep 2000, DonSata (ZekSata) wrote:
> I have bumped several times into the DEBUG COMMAND exploit for Sendmail. I
> get this using nessus scanner.
> Like with all other vulnerabilities, I try to find the way to make it work,
> without using any kind of scripts. (Remember... my goal here is to learn...
> not actually the successful penetration of a system.)
> The only information I get about this vulnerability is the one at
> www.nessus.org home page and the one in here:
> www.cert.org//advisories/CA-93.14.Internet.Security.Scanner.html


This affects extremely old versions of sendmail (versions before 5.59
according to securityfocus, before 5.65 according to other CERT, I don't
remember when it was fixed).  You can read more about it and download an
exploit script from securityfocus.

http://www.securityfocus.com/bid/1

Note that some MTAs respond to the debug command with "200 Debug set
-NOT!", which could fool the Nessus check into giving a false positive:

if(("200 debug set" >< r))security_hole(port);

Max
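
Added example, not part of the original post and not code from the Nessus plugin: the false positive described above, reproduced on constructed SMTP replies, next to a stricter reply parser that accepts only a 200 reply whose whole text is "Debug set". The function names, the sample replies, and the assumptions that the reply is lowercased before the substring test and that an affected server answers with exactly that text are mine.

```python
import re

# One SMTP reply line: 3-digit code, "-" (more lines follow) or " " (last line), text.
_REPLY_LINE = re.compile(r"^(\d{3})([ -]?)(.*)$")

# Constructed sample replies to a DEBUG command (not captured from real servers).
SAMPLES = {
    "old sendmail": "200 Debug set\r\n",
    "joke banner": "200 Debug set -NOT!\r\n",
    "joke banner, multiline": "200-Debug set\r\n200 -NOT!\r\n",
    "command rejected": "500 Command unrecognized\r\n",
}

def naive_check(reply):
    """Substring test in the style of the quoted check (lowercasing is an assumption)."""
    return "200 debug set" in reply.lower()

def parse_reply(reply):
    """Split a raw SMTP reply into (code, [text lines]); None if malformed or empty."""
    code, texts = None, []
    for raw in reply.splitlines():
        m = _REPLY_LINE.match(raw)
        if not m:
            return None
        if code is None:
            code = m.group(1)
        elif m.group(1) != code:
            return None  # every line of a multiline reply must carry the same code
        texts.append(m.group(3).strip())
    return (code, texts) if code else None

def strict_check(reply):
    """True only for a 200 reply whose complete text is 'debug set'."""
    parsed = parse_reply(reply)
    if parsed is None:
        return False
    code, texts = parsed
    # Join all lines so a denial placed on a continuation line is still seen.
    text = " ".join(texts).strip().lower().rstrip(".")
    return code == "200" and text == "debug set"

def compare(samples=SAMPLES):
    """Return {name: (naive result, strict result)} for each sample reply."""
    return {name: (naive_check(r), strict_check(r)) for name, r in samples.items()}

if __name__ == "__main__":
    for name, (naive, strict) in compare().items():
        print(f"{name:24} naive={naive!s:5} strict={strict}")
```

An exact-text match trades false positives for possible false negatives if an affected server words its reply differently, so a positive result is still best confirmed against the server's reported version.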

