CVE-1999-1515

Vulnerability

TenFour TFS Gateway 4.0, when configured with the 'return entire message to sender' option enabled for failed send attempts, is vulnerable to a denial of service. This vulnerability affects versions of TFS Gateway 4.0 that are running with this specific non-default configuration [1].

Exploitation

An attacker can exploit this vulnerability by sending an email to the TFS Gateway with an invalid sender address (e.g., invalid@remote.com) and an invalid recipient address (e.g., invalid@target.com). This can be achieved by connecting to the gateway's SMTP server via telnet and issuing specific commands, such as MAIL FROM: invalid@remote.com and RCPT TO: invalid@target.com [1].

Impact

Successful exploitation causes the TFS Gateway to continuously attempt to return the malformed message every 10 seconds. If multiple such messages are sent, especially if they are large, this can lead to a degradation of service or a complete denial of service until an administrator manually intervenes to stop the process [1].

Mitigation

No specific patch or fixed version information is available in the provided references. Administrators can disable the 'return entire message to sender' option for failed send attempts to mitigate this vulnerability. If this option is not enabled, the described attack vector will not function [1].