From owner-freebsd-security Thu Sep 10 06:44:56 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id GAA25605
    for freebsd-security-outgoing; Thu, 10 Sep 1998 06:44:56 -0700 (PDT)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from peak.mountin.net ([207.227.119.2])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA25597
    for ; Thu, 10 Sep 1998 06:44:54 -0700 (PDT)
    (envelope-from jeff-ml@mountin.net)
Received: (from daemon@localhost)
    by peak.mountin.net (8.9.1/8.9.1) id IAA20118;
    Thu, 10 Sep 1998 08:44:39 -0500 (CDT)
Received: from klinzhai-39.isdn.mke.execpc.com(169.207.65.167)
    by peak.mountin.net via smap (V1.3) id sma020116;
    Thu Sep 10 08:44:22 1998
Message-Id: <3.0.3.32.19980910084313.011f48f0@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Thu, 10 Sep 1998 08:43:13 -0500
To: Jay Tribick , freebsd-security@FreeBSD.ORG
From: "Jeffrey J. Mountin"
Subject: Re: Err.. cat exploit.. (!)
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 12:07 PM 9/10/98 +0100, Jay Tribick wrote:
>
>Hi All..
>
>Was just having a look in /var/log the other day and spotted
>a file called sendmail.st, wondering what it was I cat'd it
>and here's what it did:
>
>bofh$ cat sendmail.st
>`ay5habf33*`ma}`)`Jj]: Jsu-2.01$ xtermxterm
>su: xtermxterm: command not found
>bofh$
>
>This seems quite scary to me, couldn't someone embed 'rm -rf /'
>within a text file and then, if root cats the file it nukes
>their system?
>
>Here's an 'od' dump of the file, unfortunately I don't have the
>time to investigate this further:
>
>bofh$ od sendmail.st
--snip--
>
>bofh$ uname -a
>FreeBSD server1.fastnet.co.uk 2.2.6-RELEASE FreeBSD 2.2.6-RELEASE #0: Mon
>Jun 22 17:33:00 BST 1998
>kronus@anarchy.fast.net.uk:/usr/src/sys/compile/ANARCHY i386

It is a binary file.
The sendmail.st file is used for mailer stats for sendmail ala mailstats:

# mailstats
Statistics from Thu Sep  3 05:10:01 1998
 M msgsfr bytes_from  msgsto   bytes_to  msgsrej msgsdis  Mailer
 3   2060      6227K      45        60K        0       0  local
 5      0         0K    2073      6207K        0       0  esmtp
=============================================================
 T   2060      6227K    2118      6267K        0       0

Terminals don't like it when you cat a binary.

Jeff Mountin - Unix Systems TCP/IP networking
jeff@mountin.net
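
Added example, not part of the original message or of FreeBSD: a small shell wrapper that checks a file for control bytes before it reaches the terminal and falls back to `cat -v` caret notation, so a binary such as sendmail.st is displayed without the terminal interpreting it. The function names `count_ctrl` and `safecat` are hypothetical, and the sample bytes are constructed.

```shell
#!/bin/sh
# Added example; count_ctrl and safecat are hypothetical helper names.

# Print how many bytes in file $1 are not tab, LF, CR or printable ASCII.
# High-bit bytes are counted too, which is deliberately conservative.
count_ctrl() {
    LC_ALL=C tr -d '\11\12\15\40-\176' < "$1" | wc -c | tr -d ' '
}

# Show file $1: raw if it is plain text, otherwise in caret notation
# (cat -v) so no control byte reaches the terminal unescaped.
safecat() {
    n=$(count_ctrl "$1")
    if [ "$n" -eq 0 ]; then
        cat -- "$1"
    else
        echo "safecat: $1: $n non-printable byte(s), showing escaped" >&2
        cat -v -- "$1"
    fi
}

# Demo on constructed bytes (ENQ and an ESC sequence), not the real file.
sample=$(mktemp)
printf 'stats\005\033[c\n' > "$sample"
safecat "$sample"
rm -f "$sample"
```

For a file that is known to be binary, `od -c` or `hexdump -C` gives a fuller view than caret notation.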