> Hello Jim, > > > doesn't this exploit require that they can login under telnet > (or SSH). So > > first they have to obtain a valid shell userid and password ? > > No. > > You're confusing TELNET to port 23. In the exploit explanation, this is > TELNET to port 25 which is your SMTP server. If your SMTP server > is running > _anyone_ can TELNET to port 25 on your server and get the SMTP prompt. > > Try it yourself from your PC client: > > telnet my.server.com 25 > > You'll get a reply back, something like: > 220 my.server.com ESMTP Sendmail 8.9.3/8.9.3; Wed, 4 Jul 2001 > 22:33:11 +0100 > > It's then waiting for you to enter the exploit. To quite out of the above > enter the command: > quit ah - of course - thanks cheers Jim Carey www.OZbcoz.com discount domain registration www.iluvoz.com affordable hosting services _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
- [cobalt-security] poprelay: serious security bug Jonathan Michaelson
- Re: [cobalt-security] poprelay: serious security ... Jonathan Michaelson
- Re: [cobalt-security] poprelay: serious security ... Jonathan Michaelson
- Re: [cobalt-security] poprelay: serious security ... Robbert Hamburg
- Re: [cobalt-security] poprelay: serious secur... Jonathan Michaelson
- RE: [cobalt-security] poprelay: serious security ... Jim Carey
- Re: [cobalt-security] poprelay: serious security ... Jonathan Michaelson
- Re: [cobalt-security] poprelay: serious security ... Jeff Lovell
- Re: [cobalt-security] poprelay: serious secur... Carrie Bartkowiak
- Re: [cobalt-security] poprelay: serious security ... Jonathan M. Slivko
- Re: [cobalt-security] poprelay: serious security ... Jeff Lovell
- Re: [cobalt-security] poprelay: serious security ... Carrie Bartkowiak
- Re: [cobalt-security] poprelay: serious secur... Jeff Lovell
- Re: [cobalt-security] poprelay: serious secur... baltimoremd
- Re: [cobalt-security] poprelay: serious secur... Carrie Bartkowiak
