hMailServer IMAP命令拒绝服务漏洞

2008-08-14T00:00:00
ID SSV:3835
Type seebug
Reporter Root
Modified 2008-08-14T00:00:00

Description

BUGTRAQ ID: 30663 CNCAN ID:CNCAN-2008081411

hMailServer是一款EMAIL服务程序。 hMailServer IMAP服务程序不正确处理IMAP命令,远程攻击者可以利用漏洞对服务器进行拒绝服务攻击。 发送大量IMAP命令: A01 CREATE AAAAA A02 CREATE AAAAAA A03 CREATE AAAAAAA ... A97 RENAME AAAAA BBBBB A98 RENAME AAAAAA BBBBBB A100 RENAME AAAAAAA BBBBBBB 可导致服务器消耗大量资源而造成拒绝服务攻击。

hMailServer hMailServer 4.4.1 厂商解决方案 升级到hMailServer hMailServer 4.4.2版本: hMailServer hMailServer 4.4.1 hMailServer hMailServer 4.4.2 (Build 279) <a href=http://www.hmailserver.com/?page=download_mirrors&downloadid=144 target=_blank>http://www.hmailserver.com/?page=download_mirrors&downloadid=144</a>