dsinet-sa-02-01.txt

2002-12-30T00:00:00
ID PACKETSTORM:30683
Type packetstorm
Reporter Casper Aleva
Modified 2002-12-30T00:00:00

Description

                                        
                                            `-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
  
DSINet Security Advisory DSINET-SA-02-01  
http://www.dsinet.org/textfiles/advisories/dsinet/dsinet-sa-02-01.txt  
  
Potential DOS attack with Web-CyrAdm  
  
Program: Web-CyrAdm  
Credits: Remko Lodder ( remko@dsinet.org - http://www.dsinet.org/ )  
Vendor: Luc de Louw ( luc at delouw.ch - http://www.web-cyradm.org/ )  
Affected versions: Version 0.5.2 and older.  
Non-affected versions: CVS snapshot as of 12-12-2002.  
  
- - Synopsis  
The package Web-CyrAdm, used for administering Cyrus IMAP daemons,
contains a potential DoS condition.
  
  
- - Problem description  
When the IMAP daemon is not running, a DoS situation can
occur as soon as someone logs into the web-cyradm package.
The problem arises when that user selects a domain and wants to administer
his or her user accounts.
What happens?
At this point there is no check that looks whether IMAP is running or not.
Without this check the program goes into an infinite loop, repeatedly
complaining about an invalid file handle.
  
- - Impact  
This problem can increase the total data stream to 10 MB+ in a matter of
seconds.
It also causes the host to stop responding to other requests, including
those coming from localhost.
In some cases it takes down the entire system as a result of heavy CPU
utilization.
  
Remko notified luc at delouw.ch immediately by creating a bugzilla bug
thread. Luc responded quickly and updated the CVS right away.
  
- - Solution  
The solution is a check which looks whether the IMAP daemon runs or not.
  
$cyr_conn = new cyradm;

// Open the IMAP session before touching any account data.
$error = $cyr_conn->imap_login();

// A non-zero return means the login, and therefore the IMAP daemon, is not
// available: abort here instead of looping over an invalid connection handle.
if ($error != 0) {
    die("Error $error");
}
This is the fix as supplied, and as far as the vendor could see it worked.
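
As an added illustration (not code from Web-CyrAdm or from the advisory's author), the PHP below shows the bug class behind the problem description and the fix above: reading from a socket handle in a loop without first verifying that the connection to the IMAP daemon succeeded, next to a checked variant that returns a status code in the same shape as the imap_login() test. The host, port, function names and the "* OK" greeting check are assumptions made for the illustration; the exact code path inside Web-CyrAdm is not shown in the advisory.

```php
<?php
// Added example, not Web-CyrAdm code. Host, port and function names are
// assumptions for the illustration.

// Vulnerable shape (shown for contrast, never called here). When the daemon
// is down, fsockopen() returns false. On PHP 4/5/7, feof(false) and
// fgets(false) each emit a warning and return null instead of throwing, so
// the condition below stays true and the loop spins forever, writing one
// warning per iteration: the runaway output and CPU load the advisory
// describes. (PHP 8 turns the same misuse into a TypeError instead.)
function read_greeting_unchecked($host, $port)
{
    $fh = @fsockopen($host, $port, $errno, $errstr, 5);
    while (!feof($fh)) {                 // never terminates when $fh === false
        $line = fgets($fh);              // null + warning, forever
        if ($line !== null && substr($line, 0, 4) === '* OK') {
            return $line;
        }
    }
    return false;
}

// Hardened shape: check the connection before using the handle, bound the
// read with a socket timeout, and report any failure as a non-zero code so
// the caller can abort with die("Error $error") exactly as the vendor's
// fix does. The "* OK" greeting test is a simplification of the IMAP banner.
function imap_check_login($host, $port, $timeout = 5)
{
    $fh = @fsockopen($host, $port, $errno, $errstr, $timeout);
    if ($fh === false) {
        // Daemon not reachable: stop here, do not enter any read loop.
        return array('error' => 1, 'detail' => "connect failed: $errstr ($errno)");
    }

    stream_set_timeout($fh, $timeout);
    $greeting = fgets($fh);
    $meta = stream_get_meta_data($fh);
    fclose($fh);

    if ($greeting === false || $meta['timed_out']) {
        // Port open but no banner within the timeout: still a hard failure.
        return array('error' => 2, 'detail' => 'no greeting from IMAP daemon');
    }
    if (substr($greeting, 0, 4) !== '* OK') {
        return array('error' => 3, 'detail' => 'unexpected greeting: ' . trim($greeting));
    }
    return array('error' => 0, 'detail' => trim($greeting));
}

// Usage mirroring the advisory's fix: refuse to continue on a non-zero code.
$result = imap_check_login('127.0.0.1', 143);
if ($result['error'] != 0) {
    die("Error {$result['error']}: {$result['detail']}\n");
}
echo "IMAP daemon ready: {$result['detail']}\n";
```

The important design point is that the checked variant never hands a possibly-false handle to a loop: the connect result is tested first, the single read is bounded by stream_set_timeout(), and every failure path returns before any per-account processing starts, which is the same place the vendor's imap_login() check sits.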
  
- - Affected files:  
browseaccounts.php  
deleteaccount.php  
newaccount.php  
  
- - Actions to be taken by users  
Users of Web-CyrAdm are advised to upgrade to the latest version, which
can be found in CVS.
  
- - Credits  
Thanks go out to:  
  
Remko Lodder (remko@dsinet.org) for tracing this bug,  
Luc de Louw (luc at delouw.ch) for patching it.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.0.7 (FreeBSD)  
  
iD8DBQE+D5/3XB/SQMVhvpIRArXkAJ9KEK/ROqUEOq3oNfs4sged9WUj4gCffpAL  
D9Dya0UmET2ltghmveo/H/M=  
=Eh+c  
-----END PGP SIGNATURE-----  
  