Bug 61945

Summary: sendmail can collect info about your server and mail it out
Product: [Retired] Red Hat Linux
Component: sendmail
Version: 7.2
Hardware: i686
OS: Linux
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Keywords: Security
Reporter: Rusty Coleman <zionsac>
Assignee: Florian La Roche <laroche>
QA Contact: David Lawrence <dkl>
Doc Type: Bug Fix
Last Closed: 2002-03-26 04:12:10 UTC

Description Rusty Coleman 2002-03-26 04:12:06 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)

Description of problem:
sendmail has collected info about my server, i.e. speed, hard drive, processor, 
users (all users, and the encrypted passwords), memory, and even a ping to 
yahoo.com and emailed it out to a hacker.  The only ports that are available to 
the public on this machine are 22 (ssh), 25 (smtp), 21 (ftp), 80 (web), and 110 
(pop3, I'm using QPopper).  I can forward a copy of the bounced email (the 
hacker tried to send to two bad addresses *stupid* :)

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try

Steps to Reproduce:
1. no idea how to reproduce

Additional info:

I would really like to forward the entire email that is in my root's address to 
someone here.  Please send me an address to send it to.

Comment 1 Florian La Roche 2002-04-07 05:54:18 UTC
bugzilla is only used for tracking bug-reports in rpm packages, but for
for security audits of individual installations. I am closing this now.

Thanks,

Florian La Roche