Pine / IMAP bug?

2001-08-01T00:00:00
ID SECURITYVULNS:DOC:1897
Type securityvulns
Reporter Securityvulns
Modified 2001-08-01T00:00:00

Description

I am not sure if this is a known issue but here goes:

By sending a small message by directly telnetting to port 25 and doing the following I was able to crash Pine:

(someone@somehost) ~ > telnet some.mail.server 25 Trying xxx.xxx.xxx.xxx... Connected to some.mail.server. Escape character is '^]'. 220 Unauthorized use prohibited. helo interrogation 250 Unauthorized use prohibited. mail from: <someone@emailaddress.com> 250 ok rcpt to: <someoneelse@emailaddress.com> 250 ok data 354 go ahead this is a test to see if it crashes pine... . 250 ok 996609784 qp 13171 quit 221 Unauthorized use prohibited. Connection closed by foreign host.

The SMTP server above is Solaris 7 running qmail. IMAP server is OpenBSD 2.8 running qmail and courier imap. Client is Pine 4.33 on OpenBSD 2.8.

Pine brings down the message but since it has no header info, it is left blank in the message index. Then when you try to select any message, it gives: MAIL FOLDER "INBOX" CLOSED DUE TO ACCESS ERROR. Exiting pine and restarting was a no go as well.

The only way to get Pine running again was by actually entering the Maildir and deleting the message manually.

Thanks,

Shawn