Vintra Mail Server Saturates CPU VERSIONS AFFECTED
DESCRIPTION There is a bug in a free MailServer software for Windows NT from Vintra systems (www.vintra.com/mailsrvr.html) Any remote user can cause the mail transport (MTA) to use 99% CPU. DEMONSTRATION Telnet to 25 port, send "helo yourhostname", then "mail from: somebody", then "rcpt to: anyone" commands, and instead of data command next, send "expn *@" and the software begins its infinite loop. SOLUTION Disable the "expn" command by editing sendmail.cf, adding the folowing line: PrivacyOptions=needmailhelo, noexpn Restart the mail server once this line has been added to the config. VENDOR RESPONSE Vintra has been informed. Stay tuned for their response. To learn more about NT Security concerns, subscribe to NTSD Credits- Originally reported by Vytis Fedaravicius Posted on The NT Shop on July 21, 1998 |
Max CPU Usage via Vintra Mail
0 comments
Hide comments