Subject: pop3d/imap DOS (while we're on the subject)
From: Alex Mottram (alex NET-CONNECT.NET)
Date: Wed Apr 19 2000 - 19:54:04 CDT
I noticed the following behavior in the pop3 server as shipped with Redhat 6.1 (still don't see any updates to the imap package so I'm guessing it's still busted). Unfortunately, I never got off my butt and investigated it further or told anybody (until now). Fortunately, it's not very severe...

Basically, the pop server uses the same temp filename for each user in the /tmp directory. So.. if the file already exists, it assumes their mailbox is locked.. especially if it's owned by a different user.
example:
[alex@alf alex]$ rpm -q imap
imap-4.5-4
(as a different user. I think if the user owns it, it'll remove it. don't remember)
[zane@alf /tmp]$ :>.302.290fe
+OK POP3 localhost v7.59 server ready
user alex
+OK User name accepted, password please
pass xxxxxxxx
-ERR Can't get lock. Mailbox in use
...
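
The failure mode reported above, next to a locking scheme that does not have it, as an added example that is not part of the original post and is not the imap package's code. It simplifies the reported behaviour to "any existing file under the lock name means locked"; the scratch directory, the name demo.lock and all function names are constructed for illustration.

```c
#define _DEFAULT_SOURCE 1            /* flock(), mkdtemp() on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

/* Weak pattern (as the post describes it): a fixed name in a shared directory,
 * where any pre-existing file is read as "mailbox in use". 0 = lock obtained. */
static int lock_by_name(const char *lockpath) {
    int fd = open(lockpath, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;   /* cannot tell a stray file from a live session */
    close(fd);
    return 0;
}

/* Hardened pattern: advisory lock on the mailbox itself, a file only its owner
 * and the server can open. The kernel drops the lock when the holder exits,
 * so nothing stale is left behind. Returns the locked fd, or -1. */
static int lock_by_flock(const char *mailbox) {
    int fd = open(mailbox, O_RDWR | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) != 0) { close(fd); return -1; }
    return fd;
}

/* Constructed scenario: a scratch directory stands in for /tmp, and the lock
 * name already exists there before the "server" runs. Returns a bitmask. */
int run_demo(void) {
    char dir[] = "/tmp/lockdemo.XXXXXX", lock[64], mbox[64];
    int r = 0, fd, fd2;
    if (!mkdtemp(dir)) return -1;
    snprintf(lock, sizeof lock, "%s/demo.lock", dir);
    snprintf(mbox, sizeof mbox, "%s/mbox", dir);
    close(open(lock, O_WRONLY | O_CREAT, 0644));    /* stray pre-existing file */
    close(open(mbox, O_WRONLY | O_CREAT, 0600));    /* the user's mailbox */
    if (lock_by_name(lock) != 0) r |= 1;            /* login refused: false "in use" */
    if ((fd = lock_by_flock(mbox)) >= 0) r |= 2;    /* granted despite the stray file */
    if (lock_by_flock(mbox) < 0) r |= 4;            /* real second session still refused */
    if (fd >= 0) close(fd);                         /* session ends, lock released */
    if ((fd2 = lock_by_flock(mbox)) >= 0) { r |= 8; close(fd2); }
    unlink(lock); unlink(mbox); rmdir(dir);
    return r;
}

int main(void) {
    printf("result mask = %d (15 = all four checks hold)\n", run_demo());
    return 0;
}
```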