lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <89F22BEF-CE8D-412F-A9A7-85C8DA3B0664@di.fc.ul.pt>
Date: Tue, 12 Aug 2008 17:53:35 +0100
From: João Antunes <jantunes@...fc.ul.pt>
To: bugtraq@...urityfocus.com, vuldb@...urityfocus.com
Subject: [AJECT] hMailServer 4.4.1 DoS vulnerability

----------------------------------------
Synopsis
----------------------------------------
hMailServer is vulnerable to resource exhaustion attacks that can  
cause a denial-of-service (DoS). The IMAP server crashes when  
processing too many IMAP commands as it quickly exhaust its resources.

Product: hMailServer
Version: 4.4.1 and probably the older versions
Vendor: hMailServer (www.hmailserver.com)
Type: Denial-of-service (Resource Exhaustion)
Risk: service disruption
Remote: Yes
Discovered by: João Antunes (AJECT -- Attack Injection Tool) on 05/Jun/ 
2008
Exploit: Not Available
Solution: upgrade to beta version 4.4.2 (Build 279)
Status: Developers were contacted and released a beta version  
correcting the resource exhaustion vulnerability.


----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending many IMAP commands  
repeatedly.
A01 CREATE AAAAA
A02 CREATE AAAAAA
A03 CREATE AAAAAAA
...
A97 RENAME AAAAA BBBBB
A98 RENAME AAAAAA BBBBBB
A100 RENAME AAAAAAA BBBBBBB

The number of IMAP commands to crash the server depends on the server  
resources, but it should take over 20k messages to exhaust 256 MB RAM.  
An authenticated client can write a script to overwhelm the server  
with too many requests, eventually depleting all memory resources in  
the server ,and thus successfully creating a DoS.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ