E-Post Multiple Product IMAP APPEND Command Infinite Loop DoS

2006-01-25T04:48:14
ID OSVDB:22766
Type osvdb
Reporter Tan Chew Keong (vuln@secunia.com)
Modified 2006-01-25T04:48:14

Description

Vulnerability Description

E-Post contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends an APPEND command to the IMAP service and terminates the connection without sending the expected amount of data. This causes the server to go into an infinite loop, consuming a large amount of CPU resources, resulting in a loss of availability for the service.
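The advisory does not publish E-Post's code or the exact root cause. As an added illustration of the failure class it describes (not vendor code), the sketch below reads an IMAP APPEND literal so that an early disconnect ends the read instead of spinning. The function names, the size cap parameter, and the assumption that the command line has already had its CRLF stripped are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Parse the "{N}" literal size that ends an APPEND command line
 * (CRLF already stripped by the caller; assumption of this example).
 * Returns 0 and stores N, or -1 if absent, malformed or above max. */
int parse_literal_size(const char *line, size_t max, size_t *out)
{
    const char *open = strrchr(line, '{');
    char *end;
    unsigned long n;

    if (open == NULL || open[1] < '0' || open[1] > '9')
        return -1;
    errno = 0;
    n = strtoul(open + 1, &end, 10);
    if (errno != 0 || end[0] != '}' || end[1] != '\0' || n > max)
        return -1;
    *out = (size_t)n;
    return 0;
}

/* Read exactly `want` literal bytes from fd into buf.
 * Returns 0 on success, -1 if the peer closed early or the read failed.
 * The failure class: a loop of the form
 *     while (got < want) { n = read(...); if (n > 0) got += n; }
 * never exits once read() starts returning 0 (EOF) or -1, and burns CPU. */
int read_literal(int fd, char *buf, size_t want)
{
    size_t got = 0;

    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) {
            got += (size_t)n;
        } else if (n == 0) {
            return -1;   /* EOF before the literal was complete */
        } else if (errno != EINTR) {
            return -1;   /* hard error: stop, do not retry forever */
        }
    }
    return 0;
}
```

A production server would also put a read timeout on the socket so that a client that stalls without closing cannot hold the session open indefinitely.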

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, E-POST Inc. has released a patch to address this vulnerability.

References:

Vendor URL: http://www.e-postinc.jp/
Secunia Advisory ID: 18480
Related OSVDB ID: 22762
Related OSVDB ID: 22763
Related OSVDB ID: 22764
Related OSVDB ID: 22761
Related OSVDB ID: 22765
Other Advisory URL: http://secunia.com/secunia_research/2006-1/advisory/
ISS X-Force ID: 24341
FrSIRT Advisory: ADV-2006-0318
CVE-2006-0449
Bugtraq ID: 16379