Vulnerabilities > CVE-1999-1109 - Unspecified vulnerability in Sendmail

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

sendmail

nessus

exploit available

NVD

Published: 1999-12-22

Updated: 2016-10-18

Summary

Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.

Vulnerable Configurations

Part	Description	Count
Application	Sendmail Sendmail Sendmail - Sendmail Sendmail 2.6 Sendmail Sendmail 2.6.1 Sendmail Sendmail 2.6.2 Sendmail Sendmail 3.0 Sendmail Sendmail 3.0.1 Sendmail Sendmail 3.0.2 Sendmail Sendmail 3.0.3 Sendmail Sendmail 4.1 Sendmail Sendmail 8.6.7 Sendmail Sendmail 8.7.6 Sendmail Sendmail 8.7.7 Sendmail Sendmail 8.7.8 Sendmail Sendmail 8.7.9 Sendmail Sendmail 8.7.10 Sendmail Sendmail 8.8.8 Sendmail Sendmail 8.9.0 Sendmail Sendmail 8.9.1 Sendmail Sendmail 8.9.2 Sendmail Sendmail 8.9.3 Sendmail Sendmail 8.10 Sendmail Sendmail 8.10.0	22

Exploit-Db

description	Eric Allman Sendmail 8.9.1/8.9.3 ETRN Denial of Service Vulnerability. CVE-1999-1109. Dos exploit for linux platform
id	EDB-ID:19701
last seen	2016-02-02
modified	1999-12-22
published	1999-12-22
reporter	Michal Zalewski
source	https://www.exploit-db.com/download/19701/
title	Eric Allman Sendmail 8.9.1/8.9.3 - ETRN Denial of Service Vulnerability

Nessus

NASL family	SMTP problems
NASL id	SENDMAIL_ETRN_DOS.NASL
description	The remote Sendmail server, according to its version number, allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.
last seen	2020-06-01
modified	2020-06-02
plugin id	11350
published	2003-03-11
reporter	This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/11350
title	Sendmail Crafted ETRN Commands Remote DoS
code	# # (C) Tenable Network Security, Inc. # Original script by Xue Yong Zhi <[email protected]> # # Changes by Tenable: # - Revised plugin title, output formatting (9/14/09) # - Updated to use compat.inc, added CVSS score (11/20/2009) # - Fixed typo in the solution (03/05/2014) # - rewritten by Tenable (7/13/2018) include("compat.inc"); if (description) { script_id(11350); script_version("1.19"); script_cvs_date("Date: 2018/09/17 21:46:53"); script_cve_id("CVE-1999-1109"); script_bugtraq_id(904); script_name(english:"Sendmail Crafted ETRN Commands Remote DoS"); script_summary(english:"Checks the version number"); script_set_attribute(attribute:"synopsis", value: "The remote host has an application that is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The remote Sendmail server, according to its version number, allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated."); script_set_attribute(attribute:"solution", value: "Install Sendmail version 8.10.1 or higher, or install a vendor-supplied patch."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-1999-1109"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"1999/12/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/11"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:sendmail:sendmail"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2003-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SMTP problems"); script_dependencies("sendmail_detect.nbin"); script_require_keys("installed_sw/Sendmail"); exit(0); } include("vcf.inc"); app_info = vcf::get_app_info(app:"Sendmail"); constraints = [{ "fixed_version" : "8.10.0" }]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References