-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DSINet Security Advisory DSINET-SA-02-01 http://www.dsinet.org/textfiles/advisories/dsinet/dsinet-sa-02-01.txt Potential DOS attack with Web-CyrAdm Program: Web-CyrAdm Credits: Remko Lodder ( remko@dsinet.org - http://www.dsinet.org/ ) Vendor: Luc de Louw ( luc at delouw.ch - http://www.web-cyradm.org/ ) Affected versions: Version 0.5.2 and older. Non-affected versions: CVS snapshot as of 12-12-2002. - - Synopsis The Package Web-CyrAdm, used for administring Cyrus IMAP deamons, has a potential DoS attack. - - Problem description When the IMAP daemon is not running a DoS situation can occur when someone logs into the web-cyradm package. The problem rises when someone selects a domain and wants to administer his / her user accounts. What happens? At this point there is no check that looks if IMAP is running or not. Without this check the program goes into a infinite loop complaining about valid file handlers. - - Impact This problem can increase the total datastream to 10mb+ in a matter of seconds. This also causes the host to stop responding to other requests, including those coming from localhost. In some cases it takes down the entire system as a result of heavy CPU utilization. Remko notified luc at delouw.ch immediatly by creating a bugzilla bug thread. Luc responded quickly and updated the CVS right away. - - Solution The solution is a check which looks wether the IMAP daemon runs or not. $cyr_conn = new cyradm; $error=$cyr_conn -> imap_login(); if ($error!=0){ die ("Error $error"); } This is the given solution and as far as the vendor could see it worked. - - Affected files: browseaccounts.php deleteaccount.php newaccount.php - - Actions to be taken by users Users using Web-CyrAdm are advised to upgrade to the latest version which can be found in the CVS. - - Credits Thanks go out to: Remko Lodder (remko@dsinet.org) for tracing this bug, Luc de Louw (luc at delouw.ch) for patching it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE+D5/3XB/SQMVhvpIRArXkAJ9KEK/ROqUEOq3oNfs4sged9WUj4gCffpAL D9Dya0UmET2ltghmveo/H/M= =Eh+c -----END PGP SIGNATURE-----