Bug 61945 - sendmail can collect info about your server and mail it out
Summary: sendmail can collect info about your server and mail it out
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sendmail
Version: 7.2
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Florian La Roche
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-03-26 04:12 UTC by Rusty Coleman
Modified: 2007-04-18 16:41 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2002-03-26 04:12:10 UTC
Embargoed:


Attachments (Terms of Use)

Description Rusty Coleman 2002-03-26 04:12:06 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)

Description of problem:
sendmail has collected info about my server, ie speed, hard drive, processor, 
users (all users, and the encrypted passwords), memory, and even a ping to 
yahoo.com and emailed it out to a hacker.  The only ports that are available to 
the public on this machine are 22 (ssh), 25(smtp), 21(ftp), 80(web), and 110
(pop3, im using QPopper).  I can forward a copy of the bounced email (the 
hacker tried to send to two bad addresses *stupid* :)

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try

Steps to Reproduce:
1.no idea how to reproduce
2.
3.
	

Additional info:

I would really like to forward the entire email that is in my root's address to 
someone here.  Please send me an address to send it to.

Comment 1 Florian La Roche 2002-04-07 05:54:18 UTC
bugzilla is only used for tracking bug-reports in rpm packages, but for
for security audits of individual installations. I am closing this now.

Thanks,

Florian La Roche



Note You need to log in before you can comment on or make changes to this bug.