Sendmail Wizard Backdoor

The wizard backdoor allows an intruder to gain access to a machine through the sendmail port. This option looks for the wiz backdoor found on older Ultrix machines. It allows a user to start up a shell without logging in.

Risk: High

Fix: If the wiz command is enabled on sendmail, it should be disabled by adding this line to the sendmail.cf configuration file (note that it must be upper case):

OW*

For this change to take effect, kill the sendmail process, refreeze the sendmail.cf file, and restart the sendmail process.
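
The following check for the fix above is an added example, not part of the original page or of the scanner. The function name and the sample configuration text are constructed for illustration. It reports any OW line other than the exact upper-case fix line as a finding, rather than assuming how sendmail resolves several OW lines.

```python
import sys

# Constructed sample sendmail.cf fragments (not taken from a real host).
FIXED_CF = "# constructed sample\nOA/usr/lib/aliases\nOW*\n"
WRONG_CASE_CF = "# constructed sample\now*\n"
PASSWORD_CF = "# constructed sample\nOWplaceholder-hash\n"
MISSING_CF = "# constructed sample\nOA/usr/lib/aliases\n"


def audit_wiz_option(cf_text):
    """Audit sendmail.cf text for the OW* fix line.

    Returns (status, findings). status is "disabled", "missing" or
    "not_disabled"; findings is a list of (line_number, reason).
    """
    findings = []
    fix_present = False
    for lineno, line in enumerate(cf_text.splitlines(), 1):
        if line == "OW*":
            # Exactly the line the fix calls for, starting in column one.
            fix_present = True
        elif line.startswith("OW"):
            # The option is present but set to something other than '*'.
            findings.append((lineno, "OW is set to a value other than '*'"))
        elif line.lower() == "ow*":
            # The fix was typed in the wrong case; it must be upper case.
            findings.append((lineno, "fix line is not upper case"))
    if findings:
        return "not_disabled", findings
    if not fix_present:
        return "missing", [(0, "no OW* line in the file")]
    return "disabled", []


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "r", errors="replace") as fh:
            print(audit_wiz_option(fh.read()))
    else:
        for name in ("FIXED_CF", "WRONG_CASE_CF", "PASSWORD_CF", "MISSING_CF"):
            print(name, audit_wiz_option(globals()[name]))
```

A "disabled" result only describes the file on disk; the running sendmail picks the change up after the kill, refreeze and restart steps above.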

Advisories: CA-93:14.Internet.Security.Scanner