           ..:-={{Collaborative Security Information Center}}=-:..
          X-TREME & TECHNOTRONIC Security Collaboration Project
     http://www.technotronic.com  -==-  http://www.x-treme.abyss.com

****************************************************************************
   HACK: Sendmail 5.65: Backdoors in "sendmail" ('wiz' and 'debug' commands)
Version: 5.65, ? Others
 System: Unix
 Source: Bugtraq
****************************************************************************

The sendmail commands "wiz" and "debug" should be disabled.  This may be 
verified by executing the following commands; the replies shown are those 
of a host on which both commands are disabled:
   
% telnet hostname 25
220 host Sendmail 5.65 ready at Wed, 29 Sep 93 20:28:46 PDT
wiz
You wascal wabbit!  Wandering wizards won't win!
(or 500 Command unrecognized)
quit
   
% telnet hostname 25
220 host Sendmail 5.65 ready at Wed, 29 Sep 93 20:28:46 PDT
debug
500 Command unrecognized
quit
   
If the "wiz" command returns "Please pass, oh mighty wizard", your system 
is vulnerable to attack.  The command should be disabled by adding a line 
to the sendmail.cf configuration file containing the string:
   
OW*

If the "debug" command responds with the string "200 Debug set", you should 
immediately obtain a newer version of sendmail software from your vendor.
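
The manual check above as a script for auditing your own mail hosts (an added 
example, not part of the original advisory).  The function names are 
hypothetical, and it assumes the reply strings are exactly those quoted 
above and that the sendmail.cf line consists of "OW*" alone.

```python
import socket

# Reply strings quoted in the advisory (compared case-insensitively).
WIZ_OPEN = "please pass, oh mighty wizard"
DEBUG_OPEN = "200 debug set"

def classify(command, reply):
    """Map one SMTP reply to 'vulnerable', 'disabled' or 'unknown'."""
    text = reply.strip().lower()
    if command == "wiz" and WIZ_OPEN in text:
        return "vulnerable"
    if command == "debug" and text.startswith(DEBUG_OPEN):
        return "vulnerable"
    # A refused wizard attempt or any 5xx reply means the command is off.
    if "wascal wabbit" in text or text.startswith("5"):
        return "disabled"
    return "unknown"

def wiz_disabled_in_cf(cf_text):
    """True if sendmail.cf text carries the 'OW*' line (assumed exact)."""
    return any(line.strip() == "OW*" for line in cf_text.splitlines())

def read_reply(stream):
    """Read one SMTP reply, skipping 'NNN-' continuation lines."""
    line = stream.readline().decode("latin-1")
    while line[3:4] == "-":
        line = stream.readline().decode("latin-1")
    return line

def probe(host, command, port=25, timeout=10.0):
    """Send one command after the 220 banner and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        if not read_reply(stream).startswith("220"):
            return "unknown"
        sock.sendall(command.encode("ascii") + b"\r\n")
        verdict = classify(command, read_reply(stream))
        sock.sendall(b"quit\r\n")
        return verdict

if __name__ == "__main__":
    import sys
    for cmd in ("wiz", "debug"):
        print(cmd, probe(sys.argv[1], cmd))
```

Run it with the hostname as the only argument; a "vulnerable" verdict for 
"debug" calls for the vendor upgrade described above, not a configuration change.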
   

