qmail Long SMTP Session DoS

2004-01-15T11:23:15
ID OSVDB:3538
Type osvdb
Reporter OSVDB
Modified 2004-01-15T11:23:15

Description

Vulnerability Description

qmail contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker initiates an exceptionally long SMTP session, and will result in loss of availability for the session.

Technical Description

It has been reported that this vulnerability may also allow a buffer overflow, which would allow an attacker to execute arbitrary commands on the server. If such an overflow exists, it has not yet been shown to be exploitable.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

qmail contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker initiates an exceptionally long SMTP session, and will result in loss of availability for the session.

References:

Vendor URL: http://cr.yp.to Secunia Advisory ID:10649 Other Advisory URL: http://www.guninski.com/qmailcrash.html