Sendmail: Theory and Practice, Second Edition

Chapter 11: Sendmail and Security

11.1. Ancient History

The Sendmail program has a bad reputation in security circles. One of the reasons is that Sendmail has a history of security problems. A vulnerability in Sendmail, for example, was exploited by the so-called Morris Internet Worm [1], the first major attack on the Internet. Due to bugs in Sendmail, an attacker could fool the Sendmail daemon into accepting a UNIX command in place of an address. Sendmail also suffered from "buffer overflow" bugs [2] allowing an attacker to send a program to the remote site in such a way that the remote system would execute it.

Even before that, Sendmail was used to gain illegal entry to systems due to misconfiguration. An early exploited vulnerability had to do with the "Wizard Password." This "feature" allowed an e-mail administrator to execute "privileged commands" while connected to the SMTP server. A password was stored in the sendmail.cf file. Oh, not in the clear! That would be too insecure. It was stored encrypted. Just as in a UNIX passwd file.

The problem was, many people used Sendmail just as distributed from Berkeley. Some vendors shipped Sendmail just as distributed from Berkeley, too. And some of the distributed configuration files had a "Wizard password" already set. Once a would-be attacker guessed that password (through some brute-force guessing attack), the attacker had a "skeleton key" to many UNIX systems whose administrators did not bother to change this string or, often, did not even know of...
