3APA3A wrote:

> Original version
> http://www.security.nnov.ru/advisories/courier.asp
>
> Title: Courier CPU exhaustion
> Author: ZARAZA <3APA3Aat_private>
> Date: May, 31 2002
> Affected: courier-0.38.1
> Vendor: Double Precision, Inc.
> Risk: Low to average
> Remote: Yes
> Exploitable: Yes
> Vendor notified: May, 20 2002
> Product URL: http://www.courier-mta.org
> SECURITY.NNOV URL: http://www.security.nnov.ru
> Advanced info: http://www.security.nnov.ru/search/news.asp?binid=2055
>
> Introduction:
>
> Courier is a widely used suite of e-mail services written with security in
> mind.
>
> Problem:
>
> A loop with unchecked iteration counter controlled by user input may
> cause courier to freeze for over a minute with 100% CPU usage on
> single command or message.
>
> Details:
>
> rfc822_parsedt.c:
>
> unsigned day=0, mon=0, year;
> ...
> unsigned y;
> ...
> if (year < 1970) return (0);
> ...
> for (y=1970; y<year; y++) ...
>
> year may be any unsigned integer.
>
>
> Vendor:
>
> Sam Varshavchik <mrsam@courier-mta.com> was contacted on May, 20.
> Problem was patched in CVS version on the same day.
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> Bonus on imap-uw:
>
> Imap-uw allows user to access any file he could access locally. It's not
> a bug it's insecurity by design (it was not created with security in
> mind ;-). According to the FAQ from vendor's web site (it's not mentioned in a
> FAQ inside program distribution):
>
> -=-=-=-=-=-=-
>
> 5.1 I see that the IMAP server allows access to arbitrary files on the
> system, including /etc/passwd! How do I disable this?

This issue with uw-imapd has been known about for years and years and years. I brought this up about two years ago and I noticed others had as well. Changing one if statement in a source file fixes the behaviour and yes it is a FEATURE not a BUG.

I don't recall the exact location or if statement to change but looking through uw-imapd archives is how I found it out a couple years ago, and I recommend you do the same.

-Stan
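
The loop pattern quoted from rfc822_parsedt.c in the advisory, shown beside a bounded variant. This is an added example: it is not code from Courier or from either poster, and it is not the change that went into CVS. The function names, the per-year body of the loop and the `MAX_YEAR` limit are assumptions made for illustration.

```c
#include <stdio.h>

#define MAX_YEAR 9999u /* assumed upper bound; choose per application */

static int is_leap(unsigned y)
{
    return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
}

/* Pattern from the advisory: one iteration per year since 1970, so the
 * work done is chosen by whoever supplies the year. *iters reports it. */
static unsigned long long days_loop(unsigned year, unsigned long *iters)
{
    unsigned long long days = 0;
    unsigned y;

    *iters = 0;
    if (year < 1970) return 0;
    for (y = 1970; y < year; y++) {
        days += is_leap(y) ? 366 : 365;
        ++*iters;
    }
    return days;
}

/* Leap years in 1..y-1 (proleptic Gregorian), constant time. */
static unsigned long long leaps_before(unsigned y)
{
    unsigned p = y - 1;
    return p / 4 - p / 100 + p / 400;
}

/* Bounded variant: range check first, then a closed form.
 * Returns 0 on success, -1 if the year is rejected. */
static int days_checked(unsigned year, unsigned long long *days)
{
    if (year < 1970 || year > MAX_YEAR) return -1;
    *days = 365ULL * (year - 1970) + leaps_before(year) - leaps_before(1970);
    return 0;
}

int main(void)
{
    unsigned long it;
    unsigned long long d = days_loop(2002, &it);
    printf("loop 2002: %llu days, %lu iterations\n", d, it);
    printf("year 4294967295 accepted: %s\n",
           days_checked(4294967295u, &d) == 0 ? "yes" : "no");
    return 0;
}
```

The iteration count of `days_loop` equals `year - 1970`, which is why a parsed year near the top of the unsigned range costs billions of iterations, while `days_checked` does the same amount of work for every input it accepts.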
This archive was generated by hypermail 2b30 : Sat Jun 01 2002 - 16:37:12 PDT