Outlook denial of service

From: YoDuh (yoduhat_private)
Date: Fri Jun 25 1999 - 13:24:02 PDT

Next message: Jason R. Rhoads: "VMware Security Alert"

Previous message: sillyhead: "Re: [RHSA-1999:017-01] Potential security problem in Red Hat 6.0"
Next in thread: Nicholas W. Blasgen: "Re: Outlook denial of service"
Reply: Nicholas W. Blasgen: "Re: Outlook denial of service"
Reply: Aleph One: "Re: Outlook denial of service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've found a problem in qualcomm popper (and presumabley others) in that it
doesn't check for an existing X-UIDL: headers, but simpley uses it when the
client sends in a uidl request.  This problem can manifest itself as an
effective denial of service attack against microsoft outlook clients
because outlook looks for unique uidl's for each message and if there are
duplicates it will hang prior to downloading any mail.  I've put up a small
web site detailing the problem and some possible work arounds/fixes at

	http://getaclue.org/yoduh/outlook.html

Next message: Jason R. Rhoads: "VMware Security Alert"
Previous message: sillyhead: "Re: [RHSA-1999:017-01] Potential security problem in Red Hat 6.0"
Next in thread: Nicholas W. Blasgen: "Re: Outlook denial of service"
Reply: Nicholas W. Blasgen: "Re: Outlook denial of service"
Reply: Aleph One: "Re: Outlook denial of service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:51:03 PDT