61945 – sendmail can collect info about your server and mail it out

Bug 61945 - sendmail can collect info about your server and mail it out

Summary: sendmail can collect info about your server and mail it out

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	sendmail
Sub Component:
Version:	7.2
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Florian La Roche
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-03-26 04:12 UTC by Rusty Coleman
Modified:	2007-04-18 16:41 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2002-03-26 04:12:10 UTC
Embargoed:

Attachments	(Terms of Use)

Description Rusty Coleman 2002-03-26 04:12:06 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)

Description of problem:
sendmail has collected info about my server, ie speed, hard drive, processor, 
users (all users, and the encrypted passwords), memory, and even a ping to 
yahoo.com and emailed it out to a hacker.  The only ports that are available to 
the public on this machine are 22 (ssh), 25(smtp), 21(ftp), 80(web), and 110
(pop3, im using QPopper).  I can forward a copy of the bounced email (the 
hacker tried to send to two bad addresses *stupid* :)

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try

Steps to Reproduce:
1.no idea how to reproduce
2.
3.
	

Additional info:

I would really like to forward the entire email that is in my root's address to 
someone here.  Please send me an address to send it to.

Comment 1 Florian La Roche 2002-04-07 05:54:18 UTC

bugzilla is only used for tracking bug-reports in rpm packages, but for
for security audits of individual installations. I am closing this now.

Thanks,

Florian La Roche

Note You need to log in before you can comment on or make changes to this bug.