Title: Courier CPU exhaustion
Author: ZARAZA <[email protected]>
Date: May, 31 2002
Affected: courier-0.38.1
Vendor: Double Precision, Inc.
Risk: Low to average
Remote: Yes
Exploitable: Yes
Vendor notified: May, 20 2002
Product URL: http://www.courier-mta.org
SECURITY.NNOV URL: http://www.security.nnov.ru
Advanced info: http://www.security.nnov.ru/search/
news.asp?binid=2055
Introduction:
Courier is widely used suite of e-mail services written with security in
mind.
Problem:
A loop with unchecked iteration counter controlled by user input may
cause courier to freeze for over the minute with 100% CPU usage on
single command or message.
Details:
rfc822_parsedt.c:
unsigned day=0, mon=0, year;
...
unsigned y;
...
if (year < 1970) return (0);
...
for (y=1970; y<year; y++) ...
year may be any unsigned integer.
Vendor:
Sam Varshavchik [email protected]> was contacted on May, 20.
Problem was patched in CVS version on the same day.
: Courier
: 3APA3A <[email protected]>
: 31 2002
: courier-0.38.1
: Double Precision, Inc.
:
:
:
: 20 2002
: http://www.security.nnov.ru/search/
news.asp?binid=2055
:
Courier .
:
,
, .
:
rfc822_parsedt.c:
unsigned day=0, mon=0, year;
...
unsigned y;
...
if (year < 1970) return (0);
...
for (y=1970; y<year; y++) ...
year .
:
Sam Varshavchik [email protected]> 20 2002.
CVS-.
|