December 8th, 2002, 05:07 PM
SMTP > Write to File
I have a question about a security flaw . One of my servers seem to send mail directly to any file on the system .
How can i disable the mailserver from doing this ?
Don't think it is easily exploitable , wouldn't know which files to change to get > telnet running > ftp running or so
any advice appreciated
December 8th, 2002, 05:18 PM
Correct me if I'm wrong... but if the mail is writing to /etc/passwd
Why couldn't one just send a properly formatted e mail to that account with user id and password information?
Then the user who sent the e mail will have a user id and password...
No need for one to be added by an admin or root.
To stop it from writing there... why not change the permissions?
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
December 8th, 2002, 05:22 PM
Have you thought about doing an strace -o to see get a look at what the SMTP process is doing. I have never seen anything like this happen unless there was some sort of inode error involved.
December 8th, 2002, 06:59 PM
I found the problem when scanning the server with Nessus . It told me it was possible to write to any file on the system using this ""technique"" .
And it worked 4me . I thought it was impossible to write to /etc/passwd when just telnetting into the smtp server and sent the data to the /etc/passwd .
The telnet session is with an anonymous user ..isn't it ?
December 9th, 2002, 02:28 AM
On my linux-mandrake server the passwd and shadow files are both owned by root. The passwd file is chmoded to 644 and the shadow file is 600. I never knew that an anonymous user could write to the /etc/passwd file. Perhaps if you modify the anonymous users virtual root, that would correct this issue.