jonathan@cs.keele.ac.uk (Jonathan Knight) (11/16/88)
Hi there. I installed the binary bug fix from Berkeley for a few of the suns here at Keele. On looking a little closer I discovered that all the bug fix did was to place two zero bytes over the debug command. A little experimentation with an Ultrix machine using telnet to a sun revealed that if I used the command "^@^@BUG" I could still get the debug option set. All that is needed to invoke the debug command is a method of typing nulls to sendmail.

I haven't been following all the follow-ups to the worm so does anyone have a better fix than the one from Berkeley for binary only sites?

--
_____ Jonathan Knight, || JANET: jonathan@uk.ac.keele.cs
/ Department of Computer Science || UUCP: ...!ukc!kl-cs!jonathan
/ _ __ University of Keele, Keele, || BITNET: jonathan%cs.kl.ac.uk@
(_/ (_) / / Staffordshire. ST5 5BG. U.K. || ---------------- cunyvm.bitnet

jonathan@cs.keele.ac.uk (Jonathan Knight) (11/16/88)
In article <402@kl-cs.UUCP>, I wrote
> A little experimentation with an Ultrix machine
> using telnet to a sun revealed that if I used the command
> "^@^@BUG" I could still get the debug option set.

Actually as the debug command has been replaced with a string starting with a null, simply hitting return will set the debug option. No need for any clever way of getting nulls to sendmail. Not much of a fix really, anybody got something better?

--
_____ Jonathan Knight, || JANET: jonathan@uk.ac.keele.cs
/ Department of Computer Science || UUCP: ...!ukc!kl-cs!jonathan
/ _ __ University of Keele, Keele, || BITNET: jonathan%cs.kl.ac.uk@
(_/ (_) / / Staffordshire. ST5 5BG. U.K. || ---------------- cunyvm.bitnet

night@pawl2.pawl.rpi.edu (Trip Martin) (11/21/88)
In article <403@kl-cs.UUCP> jonathan@cs.keele.ac.uk (Jonathan Knight) writes:
>In article <402@kl-cs.UUCP>, I wrote
>> A little experimentation with an Ultrix machine
>> using telnet to a sun revealed that if I used the command
>> "^@^@BUG" I could still get the debug option set.
>
>Actually as the debug command has been replaced with a string starting
>with a null, simply hitting return will set the debug option. No
>need for any clever way of getting nulls to sendmail. Not much of a fix
>really, anybody got something better?

I found this one too. My first idea was to change the string to uppercase assuming that sendmail mapped the string to lowercase before doing the comparison. Strangely enough that didn't work.

What did work was to put a space in the string. Since the parser uses spaces to delimit words, sendmail will never return a space inside the command word (I'm not positive on this point, but it seems to be the case). Anyhow, I changed "debug" to "a bug". :-)

--
Trip Martin
night@paraguay.acm.rpi.edu
night@pawl.rpi.edu

scs@itivax.UUCP (Steve C. Simmons) (11/23/88)
In article <403@kl-cs.UUCP> jonathan@cs.keele.ac.uk (Jonathan Knight) writes:
|In article <402@kl-cs.UUCP>, I wrote
|> A little experimentation with an Ultrix machine
|> using telnet to a sun revealed that if I used the command
|> "^@^@BUG" I could still get the debug option set.
|
|Actually as the debug command has been replaced with a string starting
|with a null, simply hitting return will set the debug option. No
|need for any clever way of getting nulls to sendmail. Not much of a fix
|really, anybody got something better?

Yes. Get BPE from some comp.sources.misc archive (or any binary editor, for that matter). Edit the sendmail object. [[you saved an unmodified copy in case you blew it, right? :-) ]] Find the DEBUG command. Change it to be the same as the previous command in the search sequence.

--
Steve Simmons ...!umix!itivax!scs
Industrial Technology Institute, Ann Arbor, MI.
"You can't get here from here."
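
The four binary patches discussed in this thread, compared in an added example that is not part of the original posts and is not sendmail's code. It is a simplified model that assumes the first whitespace-delimited word of the input line is compared case-insensitively against each table entry in order; the table contents and the names `lookup` and `first_word` are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Simplified model, NOT sendmail source: table, names and parser are assumed. */
enum { CMD_ERROR, CMD_HELO, CMD_NOOP, CMD_DEBUG };
struct cmd { char name[8]; int code; };

/* Copy the first whitespace-delimited word of line into word (may be empty). */
static void first_word(const char *line, char *word, size_t n)
{
    size_t i = 0;
    while (isspace((unsigned char)*line)) line++;
    while (*line && !isspace((unsigned char)*line) && i + 1 < n)
        word[i++] = *line++;
    word[i] = '\0';
}

/* Overwrite the 5 name bytes of the debug entry in place, as a binary edit
 * would, then look up the command word of line. First match wins. */
int lookup(const char *patch, const char *line)
{
    struct cmd tab[] = { {"helo", CMD_HELO}, {"noop", CMD_NOOP}, {"debug", CMD_DEBUG} };
    char word[32];
    memcpy(tab[2].name, patch, 5);
    first_word(line, word, sizeof word);
    for (size_t i = 0; i < sizeof tab / sizeof tab[0]; i++)
        if (strcasecmp(tab[i].name, word) == 0)   /* assumed case-insensitive */
            return tab[i].code;
    return CMD_ERROR;
}

int main(void)
{
    /* Constructed inputs: the four patches discussed in the thread. */
    const char *patches[] = { "\0\0bug", "DEBUG", "a bug", "noop" };
    const char *labels[]  = { "two NULs", "uppercase", "embedded space", "duplicate of noop" };
    const char *lines[]   = { "", "debug", "a bug" };
    for (int p = 0; p < 4; p++)
        for (int l = 0; l < 3; l++)
            printf("%-18s input \"%s\": %s\n", labels[p], lines[l],
                   lookup(patches[p], lines[l]) == CMD_DEBUG ? "DEBUG REACHED" : "blocked");
    return 0;
}
```

Under these assumptions the entry stays reachable with the two-NUL and uppercase patches and becomes unreachable with the embedded-space and duplicate-name patches.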