8146718 2002-03-15 01:51 +0000 /35 lines/ Dustin Childers <dustin@acm.org>
Sent by: joel@lysator.liu.se
Imported: 2002-03-15 20:52 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <21442>
Subject: Bug in QPopper (All Versions?)
------------------------------------------------------------
From: Dustin Childers <dustin@acm.org>
To: bugtraq@securityfocus.com
Message-ID: <20020315015110.14475.qmail@mail.securityfocus.com>

Description:
When sending a string that has 2048+ characters in it, the
in.qpopper or popper process will begin to use massive
amounts of CPU and will not stop until it is manually killed.

Versions Affected:
I tested this on 4.0.1 and 4.0.3. 4.0.2 is probably vulnerable
also. Older versions may also be vulnerable. I haven't tested
those. This works locally and remotely.

Patch Information:
I attempted to patch this but I was not successful. I found
that the most reasonable place for this would be the msg_buf
in popper/main.c or msg_buf in password/poppassd.c.

Dustin E. Childers
Security Administrator
http://www.digitux.net/
(8146718) /Dustin Childers <dustin@acm.org>/--------

8147423 2002-03-15 20:07 +0000 /18 lines/ Dustin Childers <dustin@acm.org>
Sent by: joel@lysator.liu.se
Imported: 2002-03-16 00:47 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <21450>
Subject: Re: Bug in QPopper (All Versions?)
------------------------------------------------------------
From: Dustin Childers <dustin@acm.org>
To: bugtraq@securityfocus.com
Message-ID: <20020315200712.5231.qmail@mail.securityfocus.com>
In-Reply-To: <20020315015110.14475.qmail@mail.securityfocus.com>

I forgot to mention that this was only tested on RedHat 7.2.
But any Operating System that runs QPopper could be vulnerable.
The problem seems to be that QPopper goes into an infinite
loop waiting for more requests.

Dustin E. Childers
Security Administrator
http://www.digitux.net/
(8147423) /Dustin Childers <dustin@acm.org>/--------
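
The failure mode reported in this thread, a command reader that stops making progress once a line exceeds its buffer, can be avoided with a reader that always drains the oversized line and reports end of input. The following is an added example, not code from these posts or from the QPopper source; `read_command`, `CMD_MAX` and the reply strings are hypothetical names, and the 2048 limit is assumed from the threshold in the report.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limit, taken from the 2048-character threshold in the report. */
#define CMD_MAX 2048

enum { CMD_EOF = 0, CMD_OK = 1, CMD_TOO_LONG = -1 };

/* Read one command line into buf (capacity cap). Each call either consumes
 * a whole line, however long, or reports end of input, so the caller's
 * loop cannot spin on a line that does not fit in the buffer. */
int read_command(FILE *in, char *buf, size_t cap)
{
    size_t n = 0;
    int c, overflow = 0;

    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (n + 1 < cap)
            buf[n++] = (char)c;
        else
            overflow = 1;        /* keep draining, store nothing more */
    }
    if (c == EOF && n == 0 && !overflow)
        return CMD_EOF;          /* peer closed: caller must stop */
    if (n > 0 && buf[n - 1] == '\r')
        n--;                     /* strip the CR of a CRLF terminator */
    buf[n] = '\0';
    return overflow ? CMD_TOO_LONG : CMD_OK;
}

/* Constructed driver: rejects oversized lines and exits at end of input. */
int main(void)
{
    char cmd[CMD_MAX];
    int rc;

    while ((rc = read_command(stdin, cmd, sizeof cmd)) != CMD_EOF) {
        if (rc == CMD_TOO_LONG)
            puts("-ERR command too long");
        else
            printf("+OK got \"%s\"\n", cmd);
    }
    return 0;
}
```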