Bugtraq mailing list archives

pop3d/imap DOS (while we're on the subject)
From: alex () NET-CONNECT NET (Alex Mottram)
Date: Wed, 19 Apr 2000 19:54:04 -0500


I noticed the following behavior in the pop3 server as shipped with Redhat 6.1 (still don't see any updates to the imap package so I'm guessing it's still busted). Unfortunately, I never got off my butt and investigated it further or told anybody (until now). Fortunately, it's not very severe...

Basically, the pop server uses the same temp filename for each user in the /tmp directory. So.. if the file already exists, it assumes their mailbox is locked.. especially if it's owned by a different user.

example:

[alex () alf alex]$ rpm -q imap
imap-4.5-4

(as a different user.  I think if the user owns it, it'll remove it. don't remember)
[zane () alf /tmp]$ :>.302.290fe

+OK POP3 localhost v7.59 server ready
user alex
+OK User name accepted, password please
pass xxxxxxxx
-ERR Can't get lock.  Mailbox in use

...
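
Added example, not part of the original post and not the imap package's code: a simplified model of the locking behaviour the post describes, next to an alternative that locks the mailbox file itself. The function names, the temporary directory layout and the use of `flock` are assumptions made for illustration; only the lock file name `.302.290fe` and the error text come from the post.

```python
import fcntl
import os
import tempfile


def naive_lock(lock_path):
    """Model of the reported behaviour: a lock file with a predictable name
    in a shared directory; if it already exists, the mailbox counts as busy."""
    try:
        return os.open(lock_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        return None  # the client sees "-ERR Can't get lock.  Mailbox in use"


def mailbox_lock(mailbox_path):
    """Alternative: take an advisory lock on the mailbox file itself, so only
    a process able to open the mailbox can make it look busy."""
    fd = os.open(mailbox_path, os.O_RDWR)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except BlockingIOError:
        os.close(fd)
        return None
    return fd


def demo():
    """Return (naive_blocked, mailbox_lock_ok, contention_detected)."""
    with tempfile.TemporaryDirectory() as root:
        shared_tmp = os.path.join(root, "tmp")      # stands in for /tmp
        spool = os.path.join(root, "spool")         # stands in for the mail spool
        os.mkdir(shared_tmp)
        os.mkdir(spool)
        mailbox = os.path.join(spool, "alex")
        open(mailbox, "w").close()
        # Constructed state: the lock name from the post already exists.
        lock_path = os.path.join(shared_tmp, ".302.290fe")
        open(lock_path, "w").close()

        naive = naive_lock(lock_path)
        first = mailbox_lock(mailbox)
        second = mailbox_lock(mailbox)   # a genuine second session
        result = (naive is None, first is not None, second is None)
        for fd in (naive, first, second):
            if fd is not None:
                os.close(fd)
        return result


if __name__ == "__main__":
    print(demo())
```

`flock` is advisory and is not dependable on every network file system; where that matters, the same effect can be had by keeping lock files in a directory that only the mail service can write to.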