Skip navigation
Menu
Security

Max CPU Usage via Vintra Mail

Vintra Mail Server Saturates CPU
Reported July 20, 1998 by Vytis Fedaravicius on BugTraq and NTBugTraq

VERSIONS AFFECTED

  • Vintra MailServer
  • Windows NT

DESCRIPTION

There is a bug in a free MailServer software for Windows NT from Vintra systems (www.vintra.com/mailsrvr.html) Any remote user can cause the mail transport (MTA) to use 99% CPU.

DEMONSTRATION

Telnet to 25 port, send "helo yourhostname", then "mail from: somebody", then "rcpt to: anyone" commands, and instead of data command next, send "expn *@" and the software begins its infinite loop.

SOLUTION

Disable the "expn" command by editing sendmail.cf, adding the folowing line:

PrivacyOptions=needmailhelo, noexpn

Restart the mail server once this line has been added to the config.

VENDOR RESPONSE

Vintra has been informed. Stay tuned for their response.

To learn more about NT Security concerns, subscribe to NTSD

Credits
- Originally reported by Vytis Fedaravicius

Posted on The NT Shop on July 21, 1998

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024