Qmail RCPT TO Command Remote Overflow

1997-06-12T00:00:00
ID OSVDB:5850
Type osvdb
Reporter Wietse Venema (wietse@wzv.win.tue.nl)
Modified 1997-06-12T00:00:00

Description

Vulnerability Description

qmail-smtpd contains a flaw that may allow a remote denial of service. The issue is triggered by sending an email with a large number of recipient addresses. qmail attempts to process such a message, which consumes all memory on the server host and results in loss of availability for that host.

Solution Description

Upgrade to version 1.03 or higher, as it has been reported to fix this vulnerability. Alternatively, work around the flaw by limiting the amount of memory available to the qmail-smtpd process.
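
The workaround above, shown as an added example (not code from qmail or from this advisory): a C program caps a child process's address space with `setrlimit(RLIMIT_AS)` and then runs a constructed stand-in for a recipient list that grows without bound. The names `store_recipients` and `stored_under_limit`, the choice of `RLIMIT_AS`, the 64 MiB cap and a Linux host are assumptions; the page does not say which limit to set.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for a daemon that keeps every recipient address in
 * one growing buffer. Returns how many entries fit before realloc failed. */
static long store_recipients(long max, size_t entry_len)
{
    char *list = NULL;
    size_t used = 0;
    long n;
    for (n = 0; n < max; n++) {
        char *grown = realloc(list, used + entry_len);
        if (grown == NULL) break;            /* limit reached: stop cleanly */
        list = grown;
        memset(list + used, 'a', entry_len); /* touch the new pages */
        used += entry_len;
    }
    free(list);
    return n;
}

/* Run store_recipients() in a child capped at limit_bytes of address space
 * (0 = leave uncapped). Returns entries stored, or -1 on error. */
long stored_under_limit(rlim_t limit_bytes, long max, size_t entry_len)
{
    int fd[2];
    long n = -1;
    pid_t pid;
    if (pipe(fd) != 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {                          /* child: the "daemon" side */
        struct rlimit rl = { limit_bytes, limit_bytes };
        if (limit_bytes != 0 && setrlimit(RLIMIT_AS, &rl) != 0) _exit(1);
        n = store_recipients(max, entry_len);
        _exit(write(fd[1], &n, sizeof n) == (ssize_t)sizeof n ? 0 : 1);
    }
    close(fd[1]);
    if (read(fd[0], &n, sizeof n) != (ssize_t)sizeof n) n = -1;
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return n;
}

int main(void)
{
    printf("uncapped, 1000 offered: %ld stored\n", stored_under_limit(0, 1000, 1024));
    printf("64 MiB cap, 200000 offered: %ld stored\n", stored_under_limit(64UL << 20, 200000, 1024));
    return 0;
}
```

In a deployment the limit is normally set by whatever launches the daemon (for example the shell's `ulimit` or daemontools' `softlimit`) before it execs qmail-smtpd, so the cap is inherited rather than coded into the daemon.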

References:

Vendor Specific Advisory URL
Other Advisory URL: http://www.ornl.gov/lists/mailing-lists/qmail/1997/06/msg00322.html
ISS X-Force ID: 208
CVE-1999-0144
Bugtraq ID: 2237