| GEN:SID | 1:1450 |
| Message | SMTP expn *@ |
| Summary | This event is generated when an attempt is made to send a malformed request to an SMTP server which may cause a Denial of Service.
|
| Impact | Denial of Service (DoS)
|
| Detailed Information | The SMTP standard command "EXPN" is provided by servers to help find user e-mail accounts.
A malformed request to certain versions of Vintra MailServer can cause a DoS against that server. |
| Affected Systems | Vixar MailServer for Windows
|
| Attack Scenarios | The attacker needs to connect to a vulnerable server and issue the following commands.
>telnet victim.foo.com 25 >helo victim >mail from:doctor >rcpt to:evil >expn *@
|
| Ease of Attack | Simple. No exploit software required.
|
| Corrective Action | Disable the EXPN command on the SMTP server.
Upgrade to the latest non-affected version of the software
|
| Additional References | NT Bugtraq: http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222454131610&w=2
Command Reference: http://www.ntmail.co.uk/kb.htm?q=980
|
| Rule References | cve: 1999-1200
|