sendmail

[Pawel Krawczyk]

Dzis w nocy ktos puscil na bugtraq zrodlo programiku smad.c:

/*
 * smad.c - sendmail accept dos -
 *
 * Salvatore Sanfilippo [AntireZ]
 * Intesis SECURITY LAB            Phone: +39-2-671563.1
 * Via Settembrini, 35             Fax: +39-2-66981953
 * I-20124 Milano  ITALY           Email: antirez w seclab.com
 *                                         md5330 w mclink.it
 *
 * compile it under Linux with gcc -Wall -o smad smad.c
 *
 * usage: smad fakeaddr victim [port]
 */

Jesli jeszcze tego nie zrobiliscie, to zapatchujcie sendmaila. Okolice
linijki 316 w daemon.c powinny wygladac nastepujaco:

           t = accept(DaemonSocket,
                (struct sockaddr *)&RealHostAddr, &lotherend);
            if (t >= 0 || (errno != EINTR && errno != ENETUNREACH &&
                            errno != EHOSTUNREACH))
                break;

-- 
Pawel Krawczyk, CETI internet, Krakow. http://www.ceti.com.pl/