Red Hat Bugzilla – Bug 61945
sendmail can collect info about your server and mail it out
Last modified: 2007-04-18 12:41:11 EDT
From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) Description of problem: sendmail has collected info about my server, ie speed, hard drive, processor, users (all users, and the encrypted passwords), memory, and even a ping to yahoo.com and emailed it out to a hacker. The only ports that are available to the public on this machine are 22 (ssh), 25(smtp), 21(ftp), 80(web), and 110 (pop3, im using QPopper). I can forward a copy of the bounced email (the hacker tried to send to two bad addresses *stupid* :) Version-Release number of selected component (if applicable): How reproducible: Didn't try Steps to Reproduce: 1.no idea how to reproduce 2. 3. Additional info: I would really like to forward the entire email that is in my root's address to someone here. Please send me an address to send it to.
bugzilla is only used for tracking bug-reports in rpm packages, but for for security audits of individual installations. I am closing this now. Thanks, Florian La Roche