Bug in QPopper (All Versions?)

From: Dustin Childers (dustinat_private)
Date: Thu Mar 14 2002 - 17:51:10 PST

    Description:
      When sending a string that has 2048+ characters in it, the
      in.qpopper or popper process will begin to use massive
      amounts of CPU and will not stop until it is manually killed.

    Versions Affected:
      I tested this on 4.0.1 and 4.0.3.
      4.0.2 is probably vulnerable also.
      Older versions may also be vulnerable. I haven't tested those.

      This works locally and remotely.

    Patch Information:
      I attempted to patch this but I was not successful. I found
      that the most reasonable place for this would be the msg_buf
      in popper/main.c or msg_buf in password/poppassd.c.
    
    Dustin E. Childers
    Security Administrator
    http://www.digitux.net/
    


