
hmailsever-dos.txt
Posted Aug 13, 2008
Authored by Joao Antunes

hMailServer version 4.4.1 is vulnerable to resource exhaustion attacks that can lead to a denial of service.

tags | advisory, denial of service
SHA-256 | df8e62b98bc0d6e172ac35d89b852eb297c68fa84db745d55a7b5761515ec875

----------------------------------------
Synopsis
----------------------------------------
hMailServer is vulnerable to resource exhaustion attacks that can
cause a denial-of-service (DoS). The IMAP server crashes when
processing too many IMAP commands, as it quickly exhausts its resources.

Product: hMailServer
Version: 4.4.1 and probably older versions
Vendor: hMailServer (www.hmailserver.com)
Type: Denial-of-service (Resource Exhaustion)
Risk: service disruption
Remote: Yes
Discovered by: João Antunes (AJECT -- Attack Injection Tool) on 05/Jun/2008
Exploit: Not Available
Solution: upgrade to beta version 4.4.2 (Build 279)
Status: Developers were contacted and released a beta version
correcting the resource exhaustion vulnerability.


----------------------------------------
Vulnerability Description
----------------------------------------
The vulnerability can be triggered by sending many IMAP commands
repeatedly.
A01 CREATE AAAAA
A02 CREATE AAAAAA
A03 CREATE AAAAAAA
...
A97 RENAME AAAAA BBBBB
A98 RENAME AAAAAA BBBBBB
A100 RENAME AAAAAAA BBBBBBB

The number of IMAP commands needed to crash the server depends on the
server's resources, but it should take over 20k messages to exhaust
256 MB RAM. An authenticated client can write a script to overwhelm the
server with too many requests, eventually depleting all memory
resources in the server, and thus successfully creating a DoS.
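
For servers that cannot be upgraded right away, the command pattern above can be detected per session. The following is an added example, not part of the original advisory or of hMailServer: a sliding-window counter over CREATE/RENAME commands. The log line layout, the session ids and the limit/window values are assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Mailbox-mutating commands named in the advisory's command sequence.
MUTATING = {"CREATE", "RENAME"}

def parse_line(line):
    """Parse '<epoch_seconds> <session_id> <tag> <COMMAND> [args...]'.
    Constructed layout for this example, not hMailServer's real log format.
    Returns (ts, session, command), or None for a malformed line."""
    parts = line.split()
    if len(parts) < 4:
        return None
    try:
        return float(parts[0]), parts[1], parts[3].upper()
    except ValueError:
        return None

def flag_sessions(lines, limit=100, window=60.0):
    """Return {session: timestamp} for sessions that issue more than `limit`
    CREATE/RENAME commands within any `window` seconds (assumed thresholds)."""
    recent = defaultdict(deque)  # session -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[2] not in MUTATING:
            continue
        ts, session, _ = parsed
        q = recent[session]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that left the window
            q.popleft()
        if len(q) > limit and session not in flagged:
            flagged[session] = ts  # first moment the limit was exceeded
    return flagged

def sample_log():
    """Constructed sample: s1 sends 300 commands in 30 s, s2 sends 5 in 2 min."""
    lines = []
    for i in range(300):
        cmd = f"CREATE AAAAA{i}" if i % 2 == 0 else f"RENAME AAAAA{i - 1} BBBBB{i}"
        lines.append(f"{1000 + i * 0.1:.1f} s1 A{i:03d} {cmd}")
    for i in range(5):
        lines.append(f"{1000 + i * 30:.1f} s2 B{i:02d} CREATE Folder{i}")
    lines.append("truncated line")  # malformed input is skipped, not fatal
    return lines

if __name__ == "__main__":
    for session, ts in flag_sessions(sample_log()).items():
        print(f"session {session} exceeded the command limit at t={ts}")
```

A flagged session is a candidate for throttling or disconnection at a proxy or firewall in front of the IMAP port until the fixed build is installed.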