SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   Courier Mail Server Vendors:   Double Precision, Inc.
Courier Mail Server Input Validation Bug Lets Remote Users Send Mail Containing Bogus Dates to Cause the Server to Consume Available CPU Resources
SecurityTracker Alert ID:  1004433
SecurityTracker URL:  http://securitytracker.com/id/1004433
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 1 2002
Impact:   Denial of service via local system, Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.38.1
Description:   An input validation vulnerability was reported in the Courier mail server. A remote or local user can send an SMTP mail message via the server to cause the server to consume all available CPU resources.

SECURITY.NNOV reported that the Courier mail server includes an interation counter in the 'rfc822_parsedt.c' module that is set by user-supplied input. A remote or local user can send a mail message with a large date (year) value (any unsigned integer) that will cause the server to consume all available CPU resources for a temporary period of time (reported to be over a minute).

Impact:   A remote or local user can cause the server to consume all available CPU resources for a temporary period of time.
Solution:   The vendor has issed a fix in the CVS version. The CVS repository for Courier is available at:

http://sourceforge.net/cvs/?group_id=5404

Vendor URL:  www.courier-mta.org (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  Courier CPU exhaustion


Title:                  Courier CPU exhaustion
Author:                 ZARAZA <3APA3A@security.nnov.ru>
Date:                   May, 31 2002
Affected:               courier-0.38.1
Vendor:                 Double Precision, Inc.
Risk:                   Low to average
Remote:                 Yes
Exploitable:            Yes
Vendor notified:        May, 20 2002
Product URL:            http://www.courier-mta.org
SECURITY.NNOV URL:      http://www.security.nnov.ru
Advanced info:          http://www.security.nnov.ru/search/
                         news.asp?binid=2055

Introduction:

Courier is widely used suite of e-mail services written with security in
mind.

Problem:

A  loop  with  unchecked  iteration counter controlled by user input may
cause  courier  to  freeze  for  over  the minute with 100% CPU usage on
single command or message.

Details:

rfc822_parsedt.c:

        unsigned day=0, mon=0, year;
        ...
        unsigned y;
        ...
        if (year < 1970)        return (0);
        ...
        for (y=1970; y<year; y++) ...

year may be any unsigned integer.


Vendor:

 Sam  Varshavchik  <mrsam@courier-mta.com>  was  contacted  on  May, 20.
 Problem was patched in CVS version on the same day.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC