Информационная безопасность
[RU] switch to English




Title:                  Courier CPU exhaustion
Author:                 ZARAZA <[email protected]>
Date:                   May, 31 2002
Affected:               courier-0.38.1
Vendor:                 Double Precision, Inc.
Risk:                   Low to average
Remote:                 Yes
Exploitable:            Yes
Vendor notified:        May, 20 2002
Product URL:            http://www.courier-mta.org
SECURITY.NNOV URL:      http://www.security.nnov.ru
Advanced info:          http://www.security.nnov.ru/search/
                         news.asp?binid=2055

Introduction:

Courier is widely used suite of e-mail services written with security in
mind.

Problem:

A  loop  with  unchecked  iteration counter controlled by user input may
cause  courier  to  freeze  for  over  the minute with 100% CPU usage on
single command or message.

Details:

rfc822_parsedt.c:

        unsigned day=0, mon=0, year;
        ...
        unsigned y;
        ...
        if (year < 1970)        return (0);
        ...
        for (y=1970; y<year; y++) ...

year may be any unsigned integer.


Vendor:

 Sam  Varshavchik  [email protected]>  was  contacted  on  May, 20.
 Problem was patched in CVS version on the same day.
  

:                          Courier
:                     3APA3A <[email protected]>
:                      31  2002
:                  courier-0.38.1
:             Double Precision, Inc.
:                    
:                 
:           
 :   20  2002
 : http://www.security.nnov.ru/search/
                            news.asp?binid=2055

:

 Courier     .

:

       ,   
     ,     .

:

rfc822_parsedt.c:

        unsigned day=0, mon=0, year;
        ...
        unsigned y;
        ...
        if (year < 1970)        return (0);
        ...
        for (y=1970; y<year; y++) ...

  year  .

:

 Sam  Varshavchik  [email protected]>   20  2002.
         CVS-.

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород