lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200212300232.18105.tonus@dsinet.org>
From: tonus at dsinet.org (Casper Aleva)
Subject: Potential DOS attack with Web-CyrAdm.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


DSINet Security Advisory DSINET-SA-02-01
http://www.dsinet.org/textfiles/advisories/dsinet/dsinet-sa-02-01.txt

Potential DOS attack with Web-CyrAdm

Program: Web-CyrAdm
Credits: Remko Lodder ( remko@...net.org - http://www.dsinet.org/ )
Vendor: Luc de Louw ( luc at delouw.ch - http://www.web-cyradm.org/ )
Affected versions: Version 0.5.2 and older.
Non-affected versions: CVS snapshot as of 12-12-2002.

- - Synopsis
The Package Web-CyrAdm, used for administring Cyrus IMAP deamons,
has a potential DoS attack.


- - Problem description
When the IMAP daemon is not running a DoS situation can
occur when someone logs into the web-cyradm package.
The problem rises when someone selects a domain and wants to administer
his / her user accounts.
What happens?
At this point there is no check that looks if IMAP is running or not.
Without this check the program goes into a infinite loop complaining
about valid file handlers.

- - Impact
This problem can increase the total datastream to 10mb+ in a matter of 
seconds.
This also causes the host to stop responding to other requests, including 
those coming from localhost.
In some cases it takes down the entire system as a result of heavy CPU 
utilization.

Remko notified luc at delouw.ch immediatly by creating a bugzilla bug
thread. Luc responded quickly and updated the CVS right away.

- - Solution
The solution is a check which looks wether the IMAP daemon runs or not.

        $cyr_conn = new cyradm;

       $error=$cyr_conn -> imap_login();

       if ($error!=0){
               die ("Error $error");
       }
This is the given solution and as far as the vendor could see it worked.

- - Affected files:
browseaccounts.php
deleteaccount.php
newaccount.php

- - Actions to be taken by users
Users using Web-CyrAdm are advised to upgrade to the latest version which
can be found in the CVS.

- - Credits
Thanks go out to:

Remko Lodder (remko@...net.org) for tracing this bug,
Luc de Louw (luc at delouw.ch) for patching it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE+D6GtXB/SQMVhvpIRAv9DAJ4pts0itzID6S/uZPov7ni4ic0WngCg0Whg
ZYru8RktjGjgSJDFZBwQ3AI=
=D/MB
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ