SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Postfix Vendors:   Postfix.org
Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
SecurityTracker Alert ID:  1002756
SecurityTracker URL:  http://securitytracker.com/id/1002756
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 15 2001
Impact:   Denial of service via network

Version(s): Postfix version 20010228-pl05, other versions are apparently affected
Description:   A denial of service vulnerability was reported in the Postfix mailer. A remote user can cause the mail server to consume all available memory and crash.

It is reported that a remote user can cause the Postfix smtpd to consume all available memory by initiating a large number of unsuccessful sessions. This is apparently due to the lack of a resource limit on the dynamically allocated SMTP session log.

Impact:   A remote user can cause the mail server to consume all available memory and crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.postfix.org/ (Links to External Site)
Cause:   Resource error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Issues Fix) Re: Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
The vendor has released a fix.
(Conectiva Issues Fix) Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
The vendor has released a fix.
(Red Hat Issues Fix) Re: Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
Red Hat has issued a fix.
(Mandrake Issues Fix) Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
Mandrake has released a fix.
(Debian Issues Fix) Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
The vendor has released a fix.



 Source Message Contents

Subject:  [remote] [kill] postfix smtpd can chew up all your memory


This is almost too funny for words.

You may recall that Wietse Venema, kicking off a mud-slinging campaign
to promote Postfix in June 1997, blamed qmail-smtpd for allocating
memory up to the resource limits set by the system administrator.

You may also recall part of my public response at the time:

   Venema seems to think that it's better design to have separate code
   in each program to impose configurable artificial limits on every
   dynamically allocated structure for network data. Idiocy.

Later, when I wrote http://cr.yp.to/qmail/venema.html, I expanded
``Idiocy'' into ``I think that this is remarkably bad engineering.'' The
reasons are obvious to any competent programmer: Venema's approach is
vastly more complicated and error-prone than system resource limits.

Guess what? Venema forgot to put an artificial limit on Postfix's
dynamically allocated SMTP session log. If the system administrator
doesn't have resource limits, an attacker can trivially convince
Postfix's smtpd to use all available memory. Many other programs will
then die because they don't have enough memory.

This was reported for Postfix version 20010228-pl05. Apparently it
applies to all Postfix versions. Venema comments that earlier versions
would clear the log ``after each successful delivery,'' but there's no
reason that the attacker has to allow a successful delivery.

Is Venema going to make as much of a fuss about this as he made about
qmail-smtpd? Is he going to post ``exploits,'' send messages to bugtraq,
and try to have entries added to vulnerability databases? Stay tuned.
I'll content myself with ROTFLMAO.

---Dan


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC