ID CVE-1999-0144Type cveReporter NVDModified 2017-12-18T21:29:00
Description
Denial of service in Qmail by specifying a large number of recipients with the RCPT command.
{"id": "CVE-1999-0144", "bulletinFamily": "NVD", "title": "CVE-1999-0144", "description": "Denial of service in Qmail by specifying a large number of recipients with the RCPT command.", "published": "1997-06-01T00:00:00", "modified": "2017-12-18T21:29:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0144", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/208", "http://marc.info/?l=bugtraq&m=87602558319024&w=2", "http://cr.yp.to/qmail/venema.html", "http://www.securityfocus.com/bid/2237", "http://marc.info/?l=bugtraq&m=87602558319029&w=2", "http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html"], "cvelist": ["CVE-1999-0144"], "type": "cve", "lastseen": "2017-12-19T12:20:52", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": [], "cvelist": ["CVE-1999-0144"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Denial of service in Qmail by specifying a large number of recipients with the RCPT command.", "edition": 2, "hash": "23d00b3372c7902542c5fd55ea81edd431f9d8b8a766ee7a4adb8889a4c0bb14", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "261b77db193719b94b33670bdb5b4996", "key": "title"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "491d3dd9e0164d00519c77ed79e39079", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "9cbd417d35e1e5a0aa5df9c04b0bc345", "key": "references"}, {"hash": "95703b3a68822921685ab8803702ca0a", "key": "description"}, {"hash": "8645e5773c82ff9784da60401451c6a8", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "97c8a4881260280e0cc6dfe5408782e5", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2194071404940988ecd78926323dff49", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "b08b6b3586ed0d39953ed32ca4309d16", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0144", "id": "CVE-1999-0144", "lastseen": "2017-04-18T15:49:13", "modified": "2016-10-17T21:59:03", "objectVersion": "1.2", "published": "1997-06-01T00:00:00", "references": ["http://xforce.iss.net/static/208.php", "http://marc.info/?l=bugtraq&m=87602558319024&w=2", "http://cr.yp.to/qmail/venema.html", "http://www.securityfocus.com/bid/2237", "http://marc.info/?l=bugtraq&m=87602558319029&w=2", "http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html"], "reporter": "NVD", "scanner": [], "title": "CVE-1999-0144", "type": "cve", "viewCount": 0}, "differentElements": ["modified", "cpe"], "edition": 2, "lastseen": "2017-04-18T15:49:13"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": [], "cvelist": ["CVE-1999-0144"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Denial of service in Qmail by specifying a large number of recipients with the RCPT command.", "edition": 1, "hash": "4804b2efadd31cba78faab5e74ed752b95063747edfa6a6c965ce9920fad9065", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "261b77db193719b94b33670bdb5b4996", "key": "title"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "db8158f04145228c7da4b56edb24493b", "key": "references"}, {"hash": "491d3dd9e0164d00519c77ed79e39079", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "45b3c704a1d0a506d58bf001389dfe64", "key": "modified"}, {"hash": "95703b3a68822921685ab8803702ca0a", "key": "description"}, {"hash": "8645e5773c82ff9784da60401451c6a8", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "97c8a4881260280e0cc6dfe5408782e5", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2194071404940988ecd78926323dff49", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0144", "id": "CVE-1999-0144", "lastseen": "2016-09-03T02:09:23", "modified": "2005-10-20T00:00:00", "objectVersion": "1.2", "published": "1997-06-01T00:00:00", "references": ["http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319029&w=2", "http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319024&w=2", "http://xforce.iss.net/static/208.php", "http://cr.yp.to/qmail/venema.html", "http://www.securityfocus.com/bid/2237", "http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html"], "reporter": "NVD", "scanner": [], "title": "CVE-1999-0144", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T02:09:23"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:qmail:qmail:-"], "cvelist": ["CVE-1999-0144"], "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "Denial of service in Qmail by specifying a large number of recipients with the RCPT command.", "edition": 3, "enchantments": {"score": {"modified": "2017-05-04T07:41:45", "value": 2.1}}, "hash": "07551acb9e6fa1d5d2c6c6550c717b62ffbe64f52b9e4face5097cf10a3552f6", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "261b77db193719b94b33670bdb5b4996", "key": "title"}, {"hash": "491d3dd9e0164d00519c77ed79e39079", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "9cbd417d35e1e5a0aa5df9c04b0bc345", "key": "references"}, {"hash": "95703b3a68822921685ab8803702ca0a", "key": "description"}, {"hash": "8645e5773c82ff9784da60401451c6a8", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "97c8a4881260280e0cc6dfe5408782e5", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9b416e652ff7dcd73e59d19fa5975e2a", "key": "cpe"}, {"hash": "2194071404940988ecd78926323dff49", "key": "cvss"}, {"hash": "9447a077ff4a1ec28fcfefd7369b9659", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0144", "id": "CVE-1999-0144", "lastseen": "2017-05-04T07:41:45", "modified": "2017-05-03T12:18:35", "objectVersion": "1.2", "published": "1997-06-01T00:00:00", "references": ["http://xforce.iss.net/static/208.php", "http://marc.info/?l=bugtraq&m=87602558319024&w=2", "http://cr.yp.to/qmail/venema.html", "http://www.securityfocus.com/bid/2237", "http://marc.info/?l=bugtraq&m=87602558319029&w=2", "http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html"], "reporter": "NVD", "scanner": [], "title": "CVE-1999-0144", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 3, "lastseen": "2017-05-04T07:41:45"}], "edition": 4, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9b416e652ff7dcd73e59d19fa5975e2a"}, {"key": "cvelist", "hash": "97c8a4881260280e0cc6dfe5408782e5"}, {"key": "cvss", "hash": "2194071404940988ecd78926323dff49"}, {"key": "description", "hash": "95703b3a68822921685ab8803702ca0a"}, {"key": "href", "hash": "491d3dd9e0164d00519c77ed79e39079"}, {"key": "modified", "hash": "a52b36a465eaa12d7ee10a68eabd766e"}, {"key": "published", "hash": "8645e5773c82ff9784da60401451c6a8"}, {"key": "references", "hash": "03095ba1cb4562d240e2d653c920a8f1"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "261b77db193719b94b33670bdb5b4996"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "e2179770c017fadc7f5a5d06192f939ef74578acc2862346a752e8c192eedb5e", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:qmail:qmail:-"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"osvdb": [{"id": "OSVDB:5850", "type": "osvdb", "title": "Qmail RCPT TO Command Remote Overflow", "description": "## Vulnerability Description\nqmail-smtpd contains a flaw that may allow a remote denial of service. The issue is triggered by sending an email with a large number of recipient addresses. Qmail will attempt to process such message, which will consume all memory on the server host, and will result in loss of availability for this computer.\n## Solution Description\nUpgrade to version 1.03 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: limit amount of memory available to the qmail-smtpd process.\n## Short Description\nqmail-smtpd contains a flaw that may allow a remote denial of service. The issue is triggered by sending an email with a large number of recipient addresses. Qmail will attempt to process such message, which will consume all memory on the server host, and will result in loss of availability for this computer.\n## References:\n[Vendor Specific Advisory URL](http://cr.yp.to/qmail/venema.html)\nOther Advisory URL: http://www.ornl.gov/lists/mailing-lists/qmail/1997/06/msg00322.html\nISS X-Force ID: 208\n[CVE-1999-0144](https://vulners.com/cve/CVE-1999-0144)\nBugtraq ID: 2237\n", "published": "1997-06-12T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:5850", "cvelist": ["CVE-1999-0144"], "lastseen": "2017-04-28T13:20:00"}], "exploitdb": [{"id": "EDB-ID:20562", "type": "exploitdb", "title": "Dan Bernstein QMail 1.0 3 - RCPT Denial of Service Vulnerability 2", "description": "Dan Bernstein QMail 1.0 3 RCPT Denial of Service Vulnerability (2). CVE-1999-0144. Dos exploit for linux platform", "published": "1997-06-12T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/20562/", "cvelist": ["CVE-1999-0144"], "lastseen": "2016-02-02T14:31:53"}, {"id": "EDB-ID:20561", "type": "exploitdb", "title": "Dan Bernstein QMail 1.0 3 - RCPT Denial of Service Vulnerability 1", "description": "Dan Bernstein QMail 1.0 3 RCPT Denial of Service Vulnerability (1). CVE-1999-0144. Dos exploit for linux platform", "published": "1997-06-12T00:00:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/20561/", "cvelist": ["CVE-1999-0144"], "lastseen": "2016-02-02T14:31:45"}]}}
