Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!oakhill!dover!digital!digital.sps.mot.com!chen
From: chen@digital.sps.mot.com (Jinfu Chen)
Newsgroups: comp.sys.apollo
Subject: Sendmail hole (?)
Message-ID: <46098421.81da@digital.sps.mot.com>
Date: 5 Oct 89 03:00:05 GMT
Sender: chen@digital.sps.mot.com
Reply-To: chen@digital.sps.mot.com (Jinfu Chen)
Organization: Motorola, Inc. Logic IC Div, Mesa, AZ
Lines: 35

People at comp.virus are getting quite excited about the coming "Friday the 13th"
(Oct 13th). This reminds me the infamous ARPANET-worm last November, so I just
tried the following to our SMTP gateway node (running SR10.1.0.4), and to my
surprise:

[ first look for 'debug' string in sendmail ]
> $ strings /usr/lib/sendmail | grep -i debug
> debug
> Debug set

[ then, connected to digital.sps.mot.com on SMTP port ]
> 220 digital.sps.mot.com Sendmail 5.51.2/SMI-3.2 ready at Wed, 4 Oct 89 20:21:41 MDT
> DEBUG
> 200 Debug set
> quit
> 221 digital.sps.mot.com closing connection
> 
> ====finis: stat 0 e_flags 1
> dropenvelope 1cdb8 id="AA14672" flags=1
> Connection closed by foreign host.

Should I get panic?! I don't know if the "DEBUG" command in this version of 
SMTP from Apollo is immune to the ARPANET worm. Could someone from Apollo
verify this?

One of the recent Apollo patch is related to `fingerd' and the document says
it's been inoculated against the virus publicized on USENET. Does this apply
to sendmail?

-- 
Jinfu Chen                  (602)898-5338      |       Disclaimer:
Motorola, Inc.  Logic IC Div., Mesa, AZ        | 
...{somewhere}!uunet!dover!digital!chen        | My employer doesn't pay
chen@digital.sps.mot.com                       | me to express opinions.
----------