Original version
http://www.security.nnov.ru/advisories/courier.asp
Title: Courier CPU exhaustion
Author: ZARAZA <3APA3A () security nnov ru>
Date: May, 31 2002
Affected: courier-0.38.1
Vendor: Double Precision, Inc.
Risk: Low to average
Remote: Yes
Exploitable: Yes
Vendor notified: May, 20 2002
Product URL: http://www.courier-mta.org
SECURITY.NNOV URL: http://www.security.nnov.ru
Advanced info: http://www.security.nnov.ru/search/news.asp?binid=2055
Introduction:
Courier is a widely used suite of e-mail services written with security in
mind.
Problem:
A loop with an unchecked iteration counter controlled by user input may
cause Courier to freeze for over a minute with 100% CPU usage on a
single command or message.
Details:
rfc822_parsedt.c:
unsigned day=0, mon=0, year;
...
unsigned y;
...
if (year < 1970) return (0);
...
for (y=1970; y<year; y++) ...
year may be any unsigned integer.
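An added example (not Courier's code and not the CVS patch): the loop pattern quoted above next to one bounded alternative that rejects implausible years and counts days in constant time. MAX_YEAR, the function names and the closed-form day count are assumptions made for illustration.

```c
#include <stdio.h>

#define MAX_YEAR 9999u /* assumed sanity bound, not taken from the advisory */

static int is_leap(unsigned y)
{
    return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
}

/* Pattern from the advisory: the loop runs (year - 1970) times, and year
   comes from input. iters reports how much work was done. */
static unsigned long long days_loop(unsigned year, unsigned long long *iters)
{
    unsigned y;
    unsigned long long days = 0;

    *iters = 0;
    if (year < 1970) return 0;
    for (y = 1970; y < year; y++) {
        days += is_leap(y) ? 366 : 365;
        ++*iters;
    }
    return days;
}

/* Leap years in 1..y (Gregorian rule). */
static unsigned long long leaps_through(unsigned long long y)
{
    return y / 4 - y / 100 + y / 400;
}

/* Bounded form: reject out-of-range years, then count days since 1970 in
   constant time. Returns 0 on success, -1 if the year is rejected. */
static int days_bounded(unsigned year, unsigned long long *days)
{
    if (year < 1970 || year > MAX_YEAR) return -1;
    *days = 365ULL * (year - 1970) + leaps_through(year - 1ULL) - leaps_through(1969);
    return 0;
}

int main(void)
{
    unsigned long long it, d = 0;
    unsigned long long loop_days = days_loop(2002u, &it); /* constructed input */
    int rc = days_bounded(2002u, &d);
    printf("loop: %llu days, %llu iterations; bounded: rc=%d, %llu days\n", loop_days, it, rc, d);
    /* An input such as 4294967295 would need ~4.29e9 iterations in days_loop. */
    printf("bounded(4294967295) rc=%d\n", days_bounded(4294967295u, &d));
    return 0;
}
```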
Vendor:
Sam Varshavchik <mrsam () courier-mta com> was contacted on May, 20.
The problem was patched in the CVS version on the same day.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Bonus on imap-uw:
Imap-uw allows a user to access any file he could access locally. It's not
a bug, it's insecurity by design (it was not created with security in
mind ;-). According to the FAQ on the vendor's web site (this is not
mentioned in the FAQ inside the program distribution):
-=-=-=-=-=-=-
5.1 I see that the IMAP server allows access to arbitrary files on the
system, including /etc/passwd! How do I disable this?