Sendmail Crafted ETRN Commands Remote DoS

medium Nessus Plugin ID 11350

Synopsis

The remote host has an application that is affected by a denial of service vulnerability.

Description

The remote Sendmail server, according to its version number, allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.

Solution

Install Sendmail version 8.10.1 or higher, or install a vendor-supplied patch.

Plugin Details

Severity: Medium

ID: 11350

File Name: sendmail_etrn_dos.nasl

Version: 1.19

Type: remote

Published: 3/11/2003

Updated: 9/17/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-1999-1109

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:sendmail:sendmail

Required KB Items: installed_sw/Sendmail

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/22/1999

Reference Information

CVE: CVE-1999-1109

BID: 904