[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] poprelay: serious security bug

Subject: Re: [cobalt-security] poprelay: serious security bug
From: "Jonathan Michaelson" <michaelsonjd@xxxxxxxxxxx>
Date: Wed, 4 Jul 2001 22:30:47 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hello Jim,

> doesn't this exploit require that they can login under telnet (or SSH). So
> first they have to obtain a valid shell userid and password ?

No.

You're confusing TELNET to port 23. In the exploit explanation, this is
TELNET to port 25 which is your SMTP server. If your SMTP server is running
_anyone_ can TELNET to port 25 on your server and get the SMTP prompt.

Try it yourself from your PC client:

telnet my.server.com 25

You'll get a reply back, something like:
220 my.server.com ESMTP Sendmail 8.9.3/8.9.3; Wed, 4 Jul 2001 22:33:11 +0100

It's then waiting for you to enter the exploit. To quite out of the above
enter the command:
quit

Regards,
Jonathan Michaelson
Commercial Perl CGI Scripting

Follow-Ups:
- Re: [cobalt-security] poprelay: serious security bug
  - From: baltimoremd
- RE: [cobalt-security] poprelay: serious security bug
  - From: Jim Carey

References:
- RE: [cobalt-security] poprelay: serious security bug
  - From: Jim Carey

Prev by Date: Re: [cobalt-security] poprelay: serious security bug
Next by Date: Re: [cobalt-security] poprelay: serious security bug
Previous by thread: RE: [cobalt-security] poprelay: serious security bug
Next by thread: Re: [cobalt-security] poprelay: serious security bug

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index