Bug 11437 - place arbitrary commands in the uucp-queue via smtp
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: uucp
Version: 6.2
Hardware: i386 Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Eido Inoue
Keywords: Security
Reported: 2000-05-16 09:39 UTC by msuencks
Modified: 2008-05-01 15:37 UTC
Doc Type: Bug Fix
Last Closed: 2001-07-24 04:56:20 UTC

Description msuencks 2000-05-16 09:39:02 UTC
this is an update to an earlier bug report (#10292)

consider an email with sender's address like:

<"blabla 0 touch /bin/I_was_here "@somewhere.org>

now consider "somewhere.org" gets its mail via UUCP.

in the uucp queue the "rmail" command will be replaced
by the "touch" command the attacker submitted.

Of course this is only an issue if the uucp-system
on the receiving end had "ALL" commands allowed to
be executed via uucp (which is silly at best).

Anyway I think it is not very nice.

as you don't want to touch uucp itself, maybe a
sendmail ruleset will do which denies email with
whitespace in the address name to be relayed to
uucp queues ..!
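
The mitigation proposed above, modelled in Python as an added example (not part of the bug report, and not sendmail or Red Hat code): refuse any envelope that would reach a UUCP queue while carrying whitespace in an address. The function names and the `UUCP_DOMAINS` table are assumptions of the example, as is the choice to check both envelope addresses.

```python
import re

# Constructed for illustration: domains this gateway delivers over UUCP.
UUCP_DOMAINS = {"somewhere.org"}

# Whitespace and ASCII control characters. SMTP allows a space inside a
# quoted local part, so a pure syntax check would accept these addresses.
_UNSAFE = re.compile(r"[\s\x00-\x1f\x7f]")


def strip_path(addr):
    """Remove the surrounding <> of an SMTP path; the content is untouched."""
    addr = addr.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    return addr


def domain_of(addr):
    """Domain after the last '@', lower-cased; '' when there is none."""
    _, sep, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if sep else ""


def check_envelope(mail_from, rcpt_to, uucp_domains=UUCP_DOMAINS):
    """Return (accept, reason) for one MAIL FROM / RCPT TO pair.

    Assumption of this example: if either address belongs to a UUCP-routed
    domain, both are checked, because the sender is also where a bounce
    would be delivered.
    """
    sender, rcpt = strip_path(mail_from), strip_path(rcpt_to)
    if not any(domain_of(a) in uucp_domains for a in (sender, rcpt)):
        return True, "no UUCP-routed address"
    for label, value in (("sender", sender), ("recipient", rcpt)):
        if _UNSAFE.search(value):
            return False, label + " address contains whitespace"
    return True, "ok for UUCP"


if __name__ == "__main__":
    # The sender address from the report, with a constructed recipient.
    reported = '<"blabla 0 touch /bin/I_was_here "@somewhere.org>'
    print(check_envelope(reported, "<user@example.com>"))
    print(check_envelope("<alice@example.com>", "<bob@somewhere.org>"))
```
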

Comment 1 Eido Inoue 2002-01-18 21:22:50 UTC
moving this bug to #54466, which addresses the last errata relating to this fix

