CVE Reference
- Id
- 382
- CVE No.
- CVE-1999-0144
- Reference
- MISC:http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html
-
- History
- Session
-
Request +
Request
Cake Params
- plugin(null)
- controllercvereves
- actionview
- named(empty)
- pass(array)
- 0382
Post data
No post data.
Query string
No querystring data.
Cookie
To view Cookies, add CookieComponent to Controller
Current Route
- keys(array)
- 0controller
- 1action
- options(array)
- defaultRoute(true)
- defaults(array)
- plugin(null)
- template/:controller/:action/*
==== - Sql Log
-
Timer +
Memory
Peak Memory Use 3.53 MB
Message Memory use Component initialization 1.37 MB Controller action start 1.49 MB Controller render start 2.16 MB View render complete 2.56 MB Timers
Total Request Time: 19 (ms)
Message Time in ms Graph Core Processing (Derived from $_SERVER["REQUEST_TIME"]) 4.49 Event: Controller.initialize 0.02 Event: Controller.startup 0.09 Controller action 3.20 Event: Controller.beforeRender 4.44 » Processing toolbar data 4.35 Rendering View 2.14 » Event: View.beforeRender 0.02 » Rendering APP/View/Cvereves/view.ctp 1.23 » Event: View.afterRender 0.02 » Event: View.beforeLayout 0.02 » Rendering APP/View/Layouts/default.ctp 0.50 » » Rendering CORE/Cake/View/Elements/sql_dump.ctp 0.07 Event: View.afterLayout 0.00 ==== - Log
-
Variables +
View Variables
- cveref(array)
- Cveref(array)
- id382
- cveinfo_id144
- name(null)
- cveinfo_nameCVE-1999-0144
- referenceMISC:http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html
- deleted(null)
- created0000-00-00 00:00:00
- modified0000-00-00 00:00:00
- Cveinfo(array)
- id144
- nameCVE-1999-0144
- statusCandidate
- descriptionDenial of service in Qmail by specifying a large number of recipients with the RCPT command.
- phaseModified (20010301-02)
- votesACCEPT(4) Baker, Frech, Hill, Meunier | REVIEWING(1) Christey
- commentsChristey> DUPE CVE-1999-0418 and CVE-1999-0250? | Christey> Dan Bernstein, author of Qmail, says that this is not a | vulnerability in qmail because Unix has built-in resource | limits that can restrict the size of a qmail process; other | limits can be specified by the administrator. See | http://cr.yp.to/qmail/venema.html | | Significant discussion of this issue took place on the qmail | list. The fundamental question appears to be whether | application software should set its own limits, or rely | on limits set by the parent operating system (in this case, | UNIX). Also, some people said that the only problem was that | the suggested configuration was not well documented, but this | was refuted by others. | | See the following threads at | http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html | "Denial of service (qmail-smtpd)" | "qmail-dos-2.c, another denial of service" | "[PATCH] denial of service" | "just another qmail denial-of-service" | "the UNIX way" | "Time for a reality check" | | Also see Bugtraq threads on a different vulnerability that | is related to this topic: | BUGTRAQ:19990903 Web servers / possible DOS Attack / mime header flooding | http://archives.neohapsis.com/archives/bugtraq/1998_3/0742.html | Baker> http://cr.yp.to/qmail/venema.html | Berstein rejects this as a vulnerability, claiming this is a slander campaign by Wietse Venema. | His page states this is not a qmail problem, rather it is a UNIX problem | that many apps can consume all available memory, and that the administrator | is responsible to set limits in the OS, rather than expect applications to | individually prevent memory exhaustion. CAN 1999-0250 does appear to | be a duplicate of this entry, based on the research I have done so far. | There were two different bugtraq postings, but the second one references | the first, stating that the new exploit uses perl instead of shell scripting | to accomplish the same attack/exploit. | Baker> http://www.securityfocus.com/archive/1/6970 | http://www.securityfocus.com/archive/1/6969 | http://cr.yp.to/qmail/venema.html | | Should probably reject CVE-1999-0250, and add these references to this | Candidate. | Baker> http://www.securityfocus.com/bid/2237 | CHANGE> [Baker changed vote from REVIEWING to ACCEPT] | Christey> qmail-dos-1.c, as published by Wietse Venema (CVE-1999-0250) | in "BUGTRAQ:19970612 Denial of service (qmail-smtpd)", does not | use any RCPT commands. Instead, it sends long strings | of "X" characters. A followup by "super@UFO.ORG" includes | an exploit that claims to do the same thing; however, that | exploit does not send long strings of X characters - it sends | a large number of RCPT commands. It appears that super@ufo.org | followed up to the wrong message. | | NOTE: the ufo.org domain was purchased by another party in | 2003, so the current owner is not associated with any | statements by "super@ufo.org" that were made before 2003. | | qmail-dos-2.c, as published by Wietse Venema (CVE-1999-0144) | in "BUGTRAQ:19970612 qmail-dos-2.c, another denial of service attack" | sends a large number of RCPT commands. | | ADDREF BID:2237 | ADDREF BUGTRAQ:19970612 qmail-dos-2.c, another denial of service attack | ADDREF BUGTRAQ:19970612 Re: Denial of service (qmail-smtpd) | | Also see a related thread: | BUGTRAQ:19990308 SMTP server account probing | http://marc.theaimsgroup.com/?l=bugtraq&m=92100018214316&w=2 | | This also describes a problem with mail servers not being able | to handle too many "RCPT TO" requests. A followup message | notes that application-level protection is used in Sendmail | to prevent this: | BUGTRAQ:19990309 Re: SMTP server account probing | http://marc.theaimsgroup.com/?l=bugtraq&m=92101584629263&w=2 | The person further says, "This attack can easily be | prevented with configuration methods."
- deleted(null)
- created0000-00-00 00:00:00
- modified0000-00-00 00:00:00
- Cveref(array)
- $request->data(empty)
- $this->validationErrors(array)
- Cveref(empty)
- Cveinfo(empty)
- Loaded Helpers(array)
- 0Number
- 1SimpleGraph
- 2DebugTimer
- 3Toolbar
- 4Html
- 5Text
- 6Form
- 7Session
- 8HtmlToolbar
==== - cveref(array)
-
Environment +
App Constants
No application environment available.CakePHP Constants
Constant Value APP /virtual/inogo77/public_html/jvn/app/ APP_DIR app APPLIBS /virtual/inogo77/public_html/jvn/app/Lib/ CACHE /virtual/inogo77/public_html/jvn/app/tmp/cache/ CAKE /virtual/inogo77/public_html/jvn/lib/Cake/ CAKE_CORE_INCLUDE_PATH /virtual/inogo77/public_html/jvn/lib CORE_PATH /virtual/inogo77/public_html/jvn/lib/ CAKE_VERSION 2.6.0 CSS /virtual/inogo77/public_html/jvn/app/webroot/css/ CSS_URL css/ DS / FULL_BASE_URL http://inogo77.s500.xrea.com IMAGES /virtual/inogo77/public_html/jvn/app/webroot/img/ IMAGES_URL img/ JS /virtual/inogo77/public_html/jvn/app/webroot/js/ JS_URL js/ LOGS /virtual/inogo77/public_html/jvn/app/tmp/logs/ ROOT /virtual/inogo77/public_html/jvn TESTS /virtual/inogo77/public_html/jvn/app/Test/ TMP /virtual/inogo77/public_html/jvn/app/tmp/ VENDORS /virtual/inogo77/public_html/jvn/vendors/ WEBROOT_DIR webroot WWW_ROOT /virtual/inogo77/public_html/jvn/app/webroot/ PHP Environment
Environment Variable Value Php Version 5.6.40 Phprc php56.ini Php Fcgi Children 1 Pwd /virtual/inogo77/public_html/.fast-cgi-bin Php Fcgi Max Requests 10000 Shlvl 0 Path /usr/local/bin:/usr/bin:/bin Script Name /jvn/app/webroot/index.php Request Uri /jvn/cvereves/view/382 Query String Request Method GET Server Protocol HTTP/1.1 Gateway Interface CGI/1.1 Redirect Url /jvn/app/webroot/cvereves/view/382 Remote Port 57531 Script Filename /virtual/inogo77/public_html/jvn/app/webroot/index.php Server Admin [no address given] Context Document Root /virtual/inogo77/public_html Context Prefix Request Scheme http Document Root /virtual/inogo77/public_html Remote Addr 216.73.216.3 Server Port 80 Server Addr 160.251.151.205 Server Name inogo77.s500.xrea.com Server Software Apache Server Signature Http Connection close Http Cache Control max-age=259200 Http X Forwarded For 10.1.244.151 Http Via 1.1 squid-proxy-5b5d847c96-gwv4v (squid/6.10) Http Host inogo77.s500.xrea.com Http Accept Encoding gzip, br, zstd, deflate Http User Agent Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) Http Accept */* Gem Home /usr/local/rvm/gems/ruby-2.3.0 Suspectharddos 1 Suspectdos 1 X Dostranslated Ip 216.73.216.3 Mm Country Code US Mmdb Info result found Mmdb Addr 216.73.216.3 Unique Id aE_1zvGiWPEbaZQLozPx3wAAAf0 Redirect Status 200 Redirect Gem Home /usr/local/rvm/gems/ruby-2.3.0 Redirect Suspectharddos 1 Redirect Suspectdos 1 Redirect X Dostranslated Ip 216.73.216.3 Redirect Mm Country Code US Redirect Mmdb Info result found Redirect Mmdb Addr 216.73.216.3 Redirect Unique Id aE_1zvGiWPEbaZQLozPx3wAAAf0 Redirect Redirect Status 200 Redirect Redirect Gem Home /usr/local/rvm/gems/ruby-2.3.0 Redirect Redirect Suspectharddos 1 Redirect Redirect Suspectdos 1 Redirect Redirect X Dostranslated Ip 216.73.216.3 Redirect Redirect Mm Country Code US Redirect Redirect Mmdb Info result found Redirect Redirect Mmdb Addr 216.73.216.3 Redirect Redirect Unique Id aE_1zvGiWPEbaZQLozPx3wAAAf0 Fcgi Role RESPONDER Php Self /jvn/app/webroot/index.php Request Time Float 1750070734.5111 Request Time 1750070734 ==== -
Include +
Included Files
Include Paths
- 0/virtual/inogo77/public_html/jvn/lib
- 2/opt/remi/php56/root/usr/share/pear
- 3/opt/remi/php56/root/usr/share/php
- 4/usr/share/pear
- 5/usr/share/php
- 6-> /virtual/inogo77/public_html/jvn/lib/Cake/
Included Files
- core(array)
- Cache(array)
- 0CORE/Cache/Cache.php
- 1CORE/Cache/Engine/FileEngine.php
- 2CORE/Cache/CacheEngine.php
- Component(array)
- 0CORE/Controller/Component/SessionComponent.php
- 1CORE/Controller/Component/PaginatorComponent.php
- Config(array)
- 0CORE/Config/routes.php
- 1CORE/Config/config.php
- Controller(array)
- 0CORE/Controller/Controller.php
- 1CORE/Controller/ComponentCollection.php
- 2CORE/Controller/Component.php
- Datasource(array)
- 0CORE/Model/Datasource/CakeSession.php
- 1CORE/Model/Datasource/Database/Mysql.php
- 2CORE/Model/Datasource/DboSource.php
- 3CORE/Model/Datasource/DataSource.php
- Error(array)
- 0CORE/Error/exceptions.php
- 1CORE/Error/ErrorHandler.php
- I18n(array)
- 0CORE/I18n/I18n.php
- 1CORE/I18n/L10n.php
- Log(array)
- 0CORE/Log/CakeLog.php
- 1CORE/Log/LogEngineCollection.php
- 2CORE/Log/Engine/FileLog.php
- 3CORE/Log/Engine/BaseLog.php
- 4CORE/Log/CakeLogInterface.php
- Model(array)
- 0CORE/Model/Model.php
- 1CORE/Model/BehaviorCollection.php
- 2CORE/Model/ConnectionManager.php
- Network(array)
- 0CORE/Network/CakeRequest.php
- 1CORE/Network/CakeResponse.php
- Other(array)
- 0CORE/bootstrap.php
- 1CORE/basics.php
- 2CORE/Core/App.php
- 3CORE/Core/Configure.php
- 4CORE/Core/CakePlugin.php
- 5CORE/Event/CakeEventListener.php
- 6CORE/Event/CakeEvent.php
- 7CORE/Event/CakeEventManager.php
- 8CORE/Core/Object.php
- Routing(array)
- 0CORE/Routing/Dispatcher.php
- 1CORE/Routing/Filter/AssetDispatcher.php
- 2CORE/Routing/DispatcherFilter.php
- 3CORE/Routing/Filter/CacheDispatcher.php
- 4CORE/Routing/Router.php
- 5CORE/Routing/Route/CakeRoute.php
- 6CORE/Routing/Route/PluginShortRoute.php
- Utility(array)
- 0CORE/Utility/Hash.php
- 1CORE/Utility/Inflector.php
- 2CORE/Utility/ObjectCollection.php
- 3CORE/Utility/Debugger.php
- 4CORE/Utility/String.php
- 5CORE/Utility/ClassRegistry.php
- View(array)
- 0CORE/View/HelperCollection.php
- Cache(array)
- app(array)
- Config(array)
- 0APP/Config/core.php
- 1APP/Config/bootstrap.php
- 2APP/Config/routes.php
- 3APP/Config/database.php
- Controller(array)
- 0APP/Controller/CverevesController.php
- 1APP/Controller/AppController.php
- Model(array)
- 0APP/Model/Cveref.php
- 1APP/Model/AppModel.php
- 2APP/Model/Cveinfo.php
- Other(array)
- 0APP/webroot/index.php
- Config(array)
- plugins(array)
- DebugKit(array)
- Component(array)
- 0DebugKit/Controller/Component/ToolbarComponent.php
- Other(array)
- 0DebugKit/Lib/DebugMemory.php
- 1DebugKit/Lib/Panel/HistoryPanel.php
- 2DebugKit/Lib/DebugPanel.php
- 3DebugKit/Lib/Panel/SessionPanel.php
- 4DebugKit/Lib/Panel/RequestPanel.php
- 5DebugKit/Lib/Panel/SqlLogPanel.php
- 6DebugKit/Lib/Panel/TimerPanel.php
- 7DebugKit/Lib/Panel/LogPanel.php
- 8DebugKit/Lib/Panel/VariablesPanel.php
- 9DebugKit/Lib/Panel/EnvironmentPanel.php
- 10DebugKit/Lib/Panel/IncludePanel.php
- 11DebugKit/Lib/DebugTimer.php
- Log(array)
- 0DebugKit/Lib/Log/Engine/DebugKitLog.php
- Component(array)
- DebugKit(array)
====