..:-={{Collaborative Security Information Center}}=-:.. X-TREME & TECHNOTRONIC Security Collaboration Project http://www.technotronic.com -=©=- http://www.x-treme.abyss.com **************************************************************************** HACK: Sendmail 5.65: Backdoors in "sendmail" ('wiz' and 'debug' commands) Version: 5.65, ? Others System: Unix Source: Bugtraq **************************************************************************** The sendmail commands "wiz" and "debug" should be disabled. This may be verified by executing the following commands: % telnet hostname 25 220 host Sendmail 5.65 ready at Wed, 29 Sep 93 20:28:46 PDT wiz You wascal wabbit! Wandering wizards won't win! (or 500 Command unrecognizED) quit % telnet hostname 25 220 host Sendmail 5.65 ready at Wed, 29 Sep 93 20:28:46 PDT debug 500 Command unrecognized quit If the "wiz" command returns "Please pass, oh mighty wizard", your system is vulnerable to attack. Then type "SHELL" and it will drop you into a root shell. The command should be disabled by adding a line to the sendmail.cf configuration file containing the string: OW* If the "debug" command responds with the string "200 Debug set", you should immediately obtain a newer version of sendmail software from your vendor.