VID 18047
Severity 20
Port 25
Protocol TCP
Class SMTP
Detailed Description Sendmail is vulnerable to a Denial of Service through a long series of ETRN commands.
The ETRN command lets a client ("sender-SMTP") request that the server ("receiver-SMTP") start processing its mail queues for messages that are waiting at the server for the client machine. When a client connects to the sendmail server and sends an ETRN command, the sendmail server calls fork() and sleeps for 5 seconds. If a remote attacker sends a series of ETRN commands and then disconnects from the server, the parent process gets stuck repeatedly calling fork() and sleep(5), even though no ETRN requests remain to be processed. This spawns an arbitrary number of 'unusable' Sendmail child processes, which exhausts system resources and causes a Denial of Service or even a reboot of the server. On the Linux 2.0 kernel, it consumes all server memory and causes the kernel to crash with messages like "no memory for Sendmail", "no memory for klogd", etc.

* Note: For the following reasons, this may or may not be considered a security risk in your environment (i.e., it may be a false positive):
1. This check relies solely on the version number of the remote Sendmail server to assess this vulnerability.
2. The version number of the Sendmail server is based on the standard Sendmail distribution released by the Sendmail Consortium.
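The sketch below is an added example, not the scanner's own code. It shows how a version-only check of this kind can triage an SMTP greeting and where the false positives noted above come from. The banners are constructed samples, and treating a vendor suffix such as "+Sun" as "needs review" is an assumption of this example.

```python
import re

FIXED = (8, 10, 0)  # first unaffected release named in this advisory

# Sendmail greets with "... Sendmail <binary version>/<config version>; <date>".
# Group 1 is the dotted version, group 2 any vendor suffix glued to it.
_BANNER = re.compile(r"\bSendmail\s+(\d+(?:\.\d+){1,3})([^/;\s]*)")

def assess_banner(banner):
    """Return (verdict, note) for one SMTP 220 greeting line."""
    m = _BANNER.search(banner)
    if not m:
        return ("unknown", "no Sendmail version in greeting; verify on the host")
    # Compare numerically: as strings, "8.9.3" would sort after "8.10.0".
    nums = tuple(int(p) for p in m.group(1).split("."))
    version = nums + (0,) * (3 - len(nums))      # pad 8.10 -> (8, 10, 0)
    suffix = m.group(2)                           # e.g. "+Sun" on vendor builds
    if version >= FIXED:
        return ("not_affected", "version %s is 8.10.0 or later" % m.group(1))
    if suffix:
        # Assumption: a vendor-modified build may not match the stock release.
        return ("needs_review", "vendor build %s%s; confirm patch level"
                % (m.group(1), suffix))
    return ("likely_affected", "stock version %s predates 8.10.0" % m.group(1))

# Constructed sample greetings (not captured from real hosts).
SAMPLE_BANNERS = [
    "220 mx1.example.test ESMTP Sendmail 8.9.3/8.9.3; Mon, 1 Jan 2001 00:00:00 GMT",
    "220 mx2.example.test ESMTP Sendmail 8.9.3+Sun/8.9.3; Mon, 1 Jan 2001 00:00:00 GMT",
    "220 mx3.example.test ESMTP Sendmail 8.10.0/8.10.0; Mon, 1 Jan 2001 00:00:00 GMT",
    "220 mx4.example.test ESMTP ready",
]

def triage(banners):
    """Map each greeting to its verdict, preserving input order."""
    return [assess_banner(b)[0] for b in banners]

if __name__ == "__main__":
    for line in SAMPLE_BANNERS:
        print(assess_banner(line), "<-", line)
```

A "likely_affected" verdict here is still only a banner match; the greeting text is configurable, so confirm the installed package version on the host before acting on it.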

* References:
http://www.securiteam.com/exploits/3M5QFS0QAG.html
http://archives.neohapsis.com/archives/bugtraq/1999-q4/0466.html

* Platforms Affected:
Sendmail prior to 8.10.0
Recommendation Upgrade to Sendmail version 8.10.0 or the latest version from the Sendmail web site, http://www.sendmail.org.
Related URL CVE-1999-1109 (CVE)
Related URL 904 (SecurityFocus)
Related URL 7760 (ISS)