dsinet-sa-02-01.txt

Posted Dec 30, 2002
Authored by Casper Aleva | Site dsinet.org

DSINet Security Advisory DSINET-SA-02-01 - Web-CyrAdm v0.5.2 and below contains a remote denial of service vulnerability.

tags | exploit, remote, web, denial of service
SHA-256 | ba242380d4f682e24aac783eb1cde075f23c147ef23b9fa049411c4356f3f841

DSINet Security Advisory DSINET-SA-02-01
http://www.dsinet.org/textfiles/advisories/dsinet/dsinet-sa-02-01.txt

Potential DOS attack with Web-CyrAdm

Program: Web-CyrAdm
Credits: Remko Lodder ( remko@dsinet.org - http://www.dsinet.org/ )
Vendor: Luc de Louw ( luc at delouw.ch - http://www.web-cyradm.org/ )
Affected versions: Version 0.5.2 and older.
Non-affected versions: CVS snapshot as of 12-12-2002.

- - Synopsis
The package Web-CyrAdm, used for administering Cyrus IMAP daemons,
contains a potential DoS condition.


- - Problem description
When the IMAP daemon is not running, a DoS condition can occur as soon as
someone logs into the web-cyradm package.
The problem arises when the user selects a domain and wants to administer
his / her user accounts.
What happens?
At this point there is no check of whether IMAP is running or not.
Without this check the program goes into an infinite loop, repeatedly
emitting warnings about file handles.

- - Impact
This problem can increase the total data stream to 10 MB+ in a matter of
seconds.
This also causes the host to stop responding to other requests, including
those coming from localhost.
In some cases it takes down the entire system as a result of heavy CPU
utilization.

Remko notified luc at delouw.ch immediately by filing a Bugzilla bug
report. Luc responded quickly and updated the CVS right away.

- - Solution
The solution is a check which looks whether the IMAP daemon runs or not.

<?php
// Open the connection to the Cyrus IMAP daemon before any account is touched.
$cyr_conn = new cyradm;

// imap_login() returns 0 on success and a non-zero error code otherwise.
$error = $cyr_conn->imap_login();

if ($error != 0) {
    // Stop here instead of continuing with a connection that does not exist.
    die("Error $error");
}
?>
This is the given solution and as far as the vendor could see it worked.
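As an added illustration (not Web-CyrAdm code and not the vendor's patch), the same idea carried one step further: a bounded availability probe for the IMAP daemon that runs before an account page touches the connection, so a stopped daemon yields a single error instead of a loop. The host, port, timeout values and function names are assumptions.

```php
<?php
// Added example (not Web-CyrAdm code): a bounded availability check for the
// Cyrus IMAP daemon, run before any account-administration page uses IMAP.
// Host, port, timeout and function names are assumptions.

function imap_daemon_available(string $host, int $port = 143, int $timeout = 5): array
{
    // fsockopen() returns false (not a handle) when the daemon is down; the
    // advisory's failure mode was code that kept going with such a non-handle.
    $sock = @fsockopen($host, $port, $errno, $errstr, $timeout);
    if ($sock === false) {
        return [false, "IMAP daemon unreachable: $errstr ($errno)"];
    }

    // Bound the read as well: a half-open service must not hang the request.
    stream_set_timeout($sock, $timeout);
    $greeting = fgets($sock, 512);
    fclose($sock);

    // A live IMAP server answers with an untagged "* OK" greeting.
    if ($greeting === false || strncmp($greeting, '* OK', 4) !== 0) {
        return [false, 'IMAP daemon did not send an OK greeting'];
    }
    return [true, trim($greeting)];
}

// Guard for the account pages: one error response, no retry loop, no spew.
function require_imap_daemon(string $host): void
{
    [$ok, $msg] = imap_daemon_available($host);
    if (!$ok) {
        error_log("web-cyradm: $msg");   // for the operator
        exit('Error: the IMAP server is not available. Please try again later.');
    }
}

require_imap_daemon('127.0.0.1');   // assumed: Cyrus runs on the web host
```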

- - Affected files:
browseaccounts.php
deleteaccount.php
newaccount.php

- - Actions to be taken by users
Users of Web-CyrAdm are advised to upgrade to the latest version, which
can be found in the CVS.

- - Credits
Thanks go out to:

Remko Lodder (remko@dsinet.org) for tracing this bug,
Luc de Louw (luc at delouw.ch) for patching it.
