T 3.11 Improper configuration of sendmail
Errors in the configuration or software of sendmail have repeatedly led to security leaks in the affected IT systems in the past (a typical example being the Internet worm).
Example:
Various publications have made it known that it is possible to obtain the user ID and group ID which are set with the options u and g (normally daemon). To do this, a pipe has to be specified in the address field (From:) so that the mail is sent back to it, and the mail itself has to cause an error message to be generated. Therefore, if you send an email containing
cp /bin/sh /tmp/sh
chmod oug+rsx /tmp/sh
to an unknown recipient and use '/bin/sh' as the sender address, that message will be returned as undeliverable, which in this case is equivalent to executing a small shell script. This script creates a shell with the suid bit set, which has the user and group ID defined in sendmail.cf.
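Because the resulting shell carries the IDs set in sendmail.cf, a basic configuration check is to confirm that the options u and g do not name a privileged account. The following audit script is an added example, not part of the original catalogue entry; it assumes the old-style "Ou"/"Og" lines and the newer "O DefaultUser=user:group" form with ":" as separator, and the sample configurations are constructed.

```python
import re

# IDs that would give the returned-mail shell full privileges (assumed list).
PRIVILEGED = {"0", "root", "wheel"}

# Old single-letter form: "Ou1", "Og1". Newer form: "O DefaultUser=user:group".
OLD_STYLE = re.compile(r"^O([ug])\s*(\S+)")
NEW_STYLE = re.compile(r"^O\s+DefaultUser\s*=\s*([^\s:]+)(?::(\S+))?")

def default_ids(cf_text):
    """Return the effective u and g option values; a later line overrides an earlier one."""
    ids = {"u": None, "g": None}
    for line in cf_text.splitlines():
        if not line.startswith("O"):   # skips comments and all non-option lines
            continue
        old = OLD_STYLE.match(line)
        new = NEW_STYLE.match(line)
        if old:
            ids[old.group(1)] = old.group(2)
        elif new:
            ids["u"] = new.group(1)
            if new.group(2):
                ids["g"] = new.group(2)
    return ids

def audit(cf_text):
    """List findings for the default user and group options."""
    findings = []
    for opt, value in sorted(default_ids(cf_text).items()):
        if value is None:
            # Assumption: an unset option is reported so the built-in default gets checked.
            findings.append(f"option {opt}: not set, check the built-in default")
        elif value.lower() in PRIVILEGED:
            findings.append(f"option {opt}: privileged ID {value!r}")
    return findings

# Constructed sample configurations (not taken from a real system).
WEAK_CF = "# constructed sample\nOu0\nOg1\n"
SAFE_CF = "# constructed sample\nO DefaultUser=daemon:daemon\n"

if __name__ == "__main__":
    for name, cf in (("weak", WEAK_CF), ("safe", SAFE_CF)):
        print(name, audit(cf) or "no findings")
```
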