Bug 61945 - sendmail can collect info about your server and mail it out
sendmail can collect info about your server and mail it out
Product: Red Hat Linux
Classification: Retired
Component: sendmail (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Florian La Roche
David Lawrence
: Security
Depends On:
  Show dependency treegraph
Reported: 2002-03-25 23:12 EST by Rusty Coleman
Modified: 2007-04-18 12:41 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-03-25 23:12:10 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Rusty Coleman 2002-03-25 23:12:06 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)

Description of problem:
sendmail has collected info about my server, ie speed, hard drive, processor, 
users (all users, and the encrypted passwords), memory, and even a ping to 
yahoo.com and emailed it out to a hacker.  The only ports that are available to 
the public on this machine are 22 (ssh), 25(smtp), 21(ftp), 80(web), and 110
(pop3, im using QPopper).  I can forward a copy of the bounced email (the 
hacker tried to send to two bad addresses *stupid* :)

Version-Release number of selected component (if applicable):

How reproducible:
Didn't try

Steps to Reproduce:
1.no idea how to reproduce

Additional info:

I would really like to forward the entire email that is in my root's address to 
someone here.  Please send me an address to send it to.
Comment 1 Florian La Roche 2002-04-07 00:54:18 EST
bugzilla is only used for tracking bug-reports in rpm packages, but for
for security audits of individual installations. I am closing this now.


Florian La Roche

Note You need to log in before you can comment on or make changes to this bug.