n");shutdown(sockfd,2);close(sockfd);#ifdef VERBOSEfprintf(stderr,"*Connection closed succesfully.n");#endif}#ifdef MORECONN}waitpid(chpid,NULL,0);#endifreturn 0;}--- CUT HERE ---Bug in Sendmail's HELO Command (taken from rootshell.com)******************************Note: this won't get you root access(14) or get you into partsin a system you're not supposed to get into, but this is still pretty cool. In fact, it let's you hide your IP/hostname when faking mail![ http://www.rootshell.com/ ]We've had this exploit since January but sat on it until everyone had achange of implementing a stable version of sendmail 8.9.x. (And because thelast thing I want to do is help the spammers) It has now made its way toBugtraq so without further ado.--Rootshell 5/28/98Date: Fri, 22 May 1998 12:36:54 +0300From: Valentin Pavlov *root@PNS.NETBG.COM*Subject: about sendmail 8.8.8 HELO holeI assume this this is pretty old (10 Jan 1998) but still...I found a pretty simple way to prevent the hiding of the sender's IPaddress. The method to hide the IP address of the sender is describedbellow. Now, if we want to keep track of such exploit attempts, we have tocompile sendmail 8.8.8 with a PICKY_HELO_CHECK defined in conf.h:#define PICKY_HELO_CHECK 1This will force sendmail to syslog an authentication warning(message with LOG_INFO level) and include an X-Authentication-Warning:header in the message, saying what host tried to hide itself. Check outthe source (srvrsmpt.c, main.c). Also, LogLevel must be set to a valuehigher than 3 (default is 9) in sendmail.cf.regards,capone-=-=-=-=-=-=-=-=-=-=-=-=-=-=Make source, not [high]score----------------------------Valentin 'Val Capone' Pavlov----------------------------capone@netbg.com, UKTC87203-=-=-=-=-=-=-=-=-=-=-=-=-=-=Now for the original message, describing the exploit:-----Original Message-----From: Micha Zalewski *lcamtuf@boss.staszic.waw.pl*To: info@rootshell.com *info@rootshell.com*Date: 10 ...
