Home page logo
/

bugtraq logo Bugtraq mailing list archives

Bug in QPopper (All Versions?)
From: Dustin Childers <dustin () acm org>
Date: 15 Mar 2002 01:51:10 -0000



Description:
  When sending a string that has 2048+ characters in 
it, the
  in.qpopper or popper process will begin to use 
massive
  amounts of CPU and will not stop until it is manually 
killed.
 
Versions Affected:
  I tested this on 4.0.1 and 4.0.3.
  4.0.2 is probably vulnerable also.
  Older versions may also be vulnerable. I haven't 
tested those.
 
  This works locally and remotely.
 
Patch Information:
  I attempted to patch this but I was not successful. I 
found
  that the most reasonable place for this would be the 
msg_buf
  in popper/main.c or msg_buf in 
password/poppassd.c.

Dustin E. Childers
Security Administrator
http://www.digitux.net/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]