say I telnetted to port 25 of some.mailhost.com
220 some.mailhost.com ESMTP Sendmail 8.8.5/8.7.1; Fri, 13 Jun 1997
10:56:20 -0700 (PDT)
HELO A
250 some.mailhost.com Hello userid@some.mailor.com [1.2.3.4], pleased to
meet you
MAIL FROM:me
250 me... Sender ok
RCPT TO:nosuchguy
550 nosuchguy... User unknown
RCPT TO:root
250 root... Recipient ok
....
So how would you propose that get fixed? Patch up sendmail so people
don't know if they mailed the wrong address?
--- Eric Kmetz Phone - 408/567.3800 Systems Programmer E-Mail - eric@aimnet.net Aimnet CorporationOn Fri, 13 Jun 1997, David Holland wrote:
> Try 'rsh victimhost -l realuser' and 'rsh victimhost -l nosuchuser'. > The error reported is different. > > Therefore, it's possible to determine which account names are valid. > This is an issue only for particularly paranoid sites that probably > already have rshd disabled, but I thought it would be worth issuing a > warning anyway. > > A cursory investigation of some local machines showed the following: > > Affected: Linux, NetBSD, Digital Unix 4.0 > Not affected: HP-UX, Solaris > > Linux's rsh client also seems to have a bug where the second of the > above cases prints random error strings. This will all be fixed in the > next release (unfortunately, not yesterday's release...) > > -- > - David A. Holland | VINO project home page: > dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino >