..:-={{Collaborative Security Information Center}}=-:..
          X-TREME & TECHNOTRONIC Security Collaboration Project
     http://www.technotronic.com  -=©=-  http://www.x-treme.abyss.com

****************************************************************************
   HACK: Sendmail 5.65: Backdoors in "sendmail" ('wiz' and 'debug' commands)
Version: 5.65, ? Others
 System: Unix
 Source: Bugtraq
****************************************************************************

The sendmail commands "wiz" and "debug" should be disabled.  This may be 
verified by executing the following commands:
   
% telnet hostname 25
220 host Sendmail 5.65 ready at Wed, 29 Sep 93 20:28:46 PDT
wiz
You wascal wabbit!  Wandering wizards won't win!
(or 500 Command unrecognized)
quit
   
% telnet hostname 25
220 host Sendmail 5.65 ready at Wed, 29 Sep 93 20:28:46 PDT
debug
500 Command unrecognized
quit
   
If the "wiz" command returns "Please pass, oh mighty wizard", your system 
is vulnerable to attack: typing "SHELL" at that point drops the caller into
a root shell. The command should be disabled by adding a line to the
sendmail.cf configuration file containing the string:
   
OW*

If the "debug" command responds with the string "200 Debug set", you should 
immediately obtain a newer version of sendmail software from your vendor.
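
The two telnet checks above can be scripted for auditing your own mail hosts.
This is an added example, not part of the original advisory; the function
names are hypothetical, and the reply strings it matches are the ones quoted
above.

```python
import socket

# Reply fragments quoted in the advisory; matching is case-insensitive.
VULNERABLE = {"wiz": "please pass, oh mighty wizard", "debug": "200 debug set"}

def classify(command, reply):
    """Map the reply to 'wiz' or 'debug' to vulnerable / disabled / unknown."""
    text = reply.strip().lower()
    if VULNERABLE[command] in text:
        return "vulnerable"
    # A 500 error or the "wascal wabbit" refusal means the command is off.
    if text.startswith("500") or "wascal wabbit" in text:
        return "disabled"
    return "unknown"

def read_reply(stream):
    """Read one SMTP reply, following 'NNN-' continuation lines."""
    lines = []
    while True:
        line = stream.readline().decode("latin-1").rstrip("\r\n")
        lines.append(line)
        if not line or line[3:4] != "-":
            return "\n".join(lines)

def check_command(sock, command):
    """Run one session on a connected socket: banner, command, quit."""
    stream = sock.makefile("rwb")
    read_reply(stream)  # skip the 220 greeting
    stream.write(command.encode("ascii") + b"\r\n")
    stream.flush()
    verdict = classify(command, read_reply(stream))
    stream.write(b"quit\r\n")  # nothing further is sent, whatever the reply
    stream.flush()
    return verdict

def check_host(host, port=25, timeout=10):
    """Open one connection per command, as in the telnet sessions above."""
    results = {}
    for command in ("wiz", "debug"):
        with socket.create_connection((host, port), timeout=timeout) as sock:
            results[command] = check_command(sock, command)
    return results

if __name__ == "__main__":
    import sys
    for name, verdict in check_host(sys.argv[1]).items():
        print(f"{name}: {verdict}")
```

A result of "unknown" means the reply matched none of the strings in the
advisory and should be checked by hand.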