-
Msmittens, I will certainly consider that. I'm not going to do an entire lockdown, but it never hurts to secure the box to its utmost capability. Could you go a bit more in depth on how sendmail could be exploited locally, even if the daemon is not running? Give those other people who may be watching this thread a good idea of what to look for in their own machines.
-
Hrmm... it was a while ago but I believe it was a prescan() buffer overflow exploit that I ran across. It was a bit funny since it was a demonstration to students (made it a little too easy) and literally gave me root on the box even though the machine wasn't running sendmail officially. Just by virtue of it being used to send mail between users locally meant the system could be compromised. The original C code should be searchable on Packet Storm Security.
-
Server seems to be down for some odd reason. Roommate probably turned it off (sob), and I'm away from my house right now so I'll see what I can do in a few hours.
-
Server is back up and running. Also completely removed the sendmail package from the system.