Path: utzoo!attcan!uunet!husc6!linus!heart-of-gold!jc
From: jc@heart-of-gold (John M Chambers)
Newsgroups: news.sysadmin
Subject: Re: Possible Fines for Virus Perpetrator
Keywords: Morris, virus, internet
Message-ID: <166@heart-of-gold>
Date: 10 Nov 88 21:53:52 GMT
References: <456@l5comp.UUCP> <12081@dscatl.UUCP> <16600@agate.BERKELEY.EDU> <7159@pasteur.Berkeley.EDU>
Distribution: na
Organization: Mitre Corp, Bedford, MA, USA
Lines: 31

In article <7159@pasteur.Berkeley.EDU>, c91a-ra@franny.Berkeley.EDU (john kawakami reader) writes:
> Hear hear! I agree with weemba@garnet. We should be glad the virus was not
> intended to be malicious. I heard Morris had managed to be root on some
> machines. The potential for damage is frightening.
>

Well, actually, if you are on the internet, it is trivially easy to be
root on just about any host that's running sendmail as a daemon:

	telnet 25

This will get you a connection to the local sendmail, which is almost
always running as root. You can now treat this sendmail as a "shell"
with a somewhat limited set of commands. The first one you want to
type probably starts with "HELO"; consult the appropriate RFC for
further details.

What Morris's virus did, in fact, was take advantage of an undocumented
command in sendmail's repertoire that allowed the calling user to start
up a shell. That should require no further comment.

But just becoming root, well, that's not necessarily a security hole.
You can also get to be root briefly on most Unix systems by calling in
and answering the "login:" prompt with "sync". You will be root for a
few milliseconds, and then you'll be logged off. Can anyone give any
reason that this is a security problem?

--
From: John Chambers
From ...!linus!!heart-of-gold!jc (John Chambers)
Phone 617/217-7780
[Send flames; they keep it cool in this lab :-]
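
An added example, not part of the original post and not sendmail's own code: a check that audits the client side of a logged SMTP session against the command verbs defined in RFC 821 and reports any verb outside that set, which is how an undocumented daemon command would show up in a transcript. The function name, the sample session and the verb `XUNDOC` are constructed for illustration.

```python
# RFC 821 defines exactly these SMTP command verbs; anything else a client
# sends is outside the documented protocol and worth an operator's attention.
RFC821_VERBS = frozenset({
    "HELO", "MAIL", "RCPT", "DATA", "RSET", "SEND", "SOML", "SAML",
    "VRFY", "EXPN", "HELP", "NOOP", "QUIT", "TURN",
})


def undocumented_commands(client_lines):
    """Return [(line_number, verb), ...] for verbs not defined in RFC 821.

    Assumption: the log holds client lines only, and every DATA command was
    accepted by the server. Lines between DATA and the terminating "." are
    message content, not commands, so they are never reported.
    """
    findings = []
    in_data = False
    for number, raw in enumerate(client_lines, start=1):
        line = raw.rstrip("\r\n")
        if in_data:
            if line == ".":          # a lone dot ends the message body
                in_data = False
            continue
        if not line.strip():
            continue
        verb = line.split(None, 1)[0].upper()   # verbs are case-insensitive
        if verb not in RFC821_VERBS:
            findings.append((number, verb))
        elif verb == "DATA":
            in_data = True
    return findings


# Constructed sample session; XUNDOC is a made-up verb, not a real command.
SAMPLE_SESSION = [
    "HELO client.example\r\n",
    "mail FROM:<a@client.example>\r\n",
    "RCPT TO:<b@server.example>\r\n",
    "DATA\r\n",
    "Subject: test\r\n",
    "xundoc inside the body is message text, not a command\r\n",
    ".\r\n",
    "XUNDOC\r\n",
    "QUIT\r\n",
]

if __name__ == "__main__":
    for number, verb in undocumented_commands(SAMPLE_SESSION):
        print(f"line {number}: verb {verb} is not defined in RFC 821")
```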