There is a bug in a free MailServer software for Windows NT from Vintra systems (www.vintra.com/mailsrvr.html) Any remote user can cause the mail transport (MTA) to use 99% CPU.
Telnet to 25 port, send "helo yourhostname", then "mail from: somebody", then "rcpt to: anyone" commands, and instead of data command next, send "expn *@" and the software begins its infinite loop.
Disable the "expn" command by editing sendmail.cf, adding the folowing line:
Restart the mail server once this line has been added to the config.
Vintra has been informed. Stay tuned for their response.
To learn more about NT Security concerns, subscribe to NTSDCredits
- Originally reported by Vytis Fedaravicius
Posted on The NT Shop on July 21, 1998