[11923] in bugtraq


cc:mail trivial DoS attack - self mailbombing.

daemon@ATHENA.MIT.EDU (Alan Brown)
Thu Sep 16 03:30:38 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.05.9909160529390.13330-100000@mailhost.manawatu.net.nz>
Date:         Thu, 16 Sep 1999 05:35:50 +1200
Reply-To: Alan Brown <alan@MANAWATU.GEN.NZ>
From: Alan Brown <alan@MANAWATU.GEN.NZ>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

This seems to work on most cc:mail installations.

Send mail to postmaster@[x.x.x.x] where x.x.x.x is the IP address of the
server.

In most cases, the machine will mailbomb itself into the ground
with undeliverable mail messages.

For bonus points, use a bogus, undeliverable sender envelope and watch
it crash even faster.

In some cases, postmaster@rDNS.name will have the same effect, depending
on how badly set up the server is.

Script kiddies may like to have fun by using a sender envelope belonging
to someone else. One case I've seen resulted in the machine sending over
5800 "postmaster: No such user" errors for one message sent to it.

AB
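
A defender-side check for the symptom described in the post above, added here as an example and not part of the original message: it scans a mail log for bursts of "No such user" non-delivery reports aimed at one local part, treating postmaster@[x.x.x.x] and postmaster@hostname as the same recipient. The log line format, addresses, window and threshold are constructed assumptions, not cc:mail's real log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format (an assumption, not cc:mail's own):
#   <ISO timestamp> NDR rcpt=<address> reason="<text>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) NDR rcpt=<(?P<rcpt>[^>]+)> reason="(?P<reason>[^"]*)"$'
)

def local_part(rcpt):
    """Key for grouping: postmaster@[IP literal] and Postmaster@host collapse."""
    return (rcpt.rpartition("@")[0] or rcpt).lower()

def find_bounce_storms(lines, window_seconds=60, threshold=5):
    """Return {local part: peak count} for recipients whose 'No such user'
    NDRs reach `threshold` inside any sliding window of `window_seconds`."""
    windows = defaultdict(deque)
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or "no such user" not in m["reason"].lower():
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = windows[local_part(m["rcpt"])]
        q.append(ts)
        # Drop events that have fallen out of the window ending at ts.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            peaks[local_part(m["rcpt"])] = max(peaks.get(local_part(m["rcpt"]), 0), len(q))
    return peaks

# Constructed sample: eight postmaster NDRs one second apart, one unrelated NDR.
SAMPLE_LOG = [
    f'1999-09-16T05:35:{s:02d} NDR rcpt=<{addr}> reason="postmaster: No such user"'
    for s, addr in enumerate(
        ["postmaster@[192.0.2.10]", "Postmaster@mail.example.net"] * 4)
] + ['1999-09-16T05:36:30 NDR rcpt=<bob@mail.example.net> reason="bob: No such user"']

if __name__ == "__main__":
    print(find_bounce_storms(SAMPLE_LOG))
```
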
