gnubiff POP3 uidl Saturation DoS

2004-09-06T04:16:35
ID OSVDB:9731
Type osvdb
Reporter OSVDB
Modified 2004-09-06T04:16:35

Description

Vulnerability Description

gnubiff contains a flaw that may allow a remote denial of service. The issue is triggered when gnubiff processes UIDL lists: a remote attacker may crash the process with excessive UIDL requests, resulting in loss of availability for the service.

Solution Description

Upgrade to version 2.0.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://gnubiff.sourceforge.net/
Vendor Specific Advisory URL
Secunia Advisory ID: 12445
ISS X-Force ID: 17282
CVE-2004-2460
Bugtraq ID: 11123