Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2
From: Administrator (MG) (admin@eol.ca)Date: 08/30/01
- Previous message: Ben Ford: "eRisk Security Advisory: PhpMyExplorer vulnerable to directory traversal."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <006b01c13115$f9839930$3e03a8c0@gabalawi> From: "Administrator (MG)" <admin@eol.ca> To: <bugtraq@securityfocus.com> Subject: Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2 Date: Thu, 30 Aug 2001 01:38:18 -0400
Use of the php IMAP functions on BSDi webserver with Apache against a cyrus
server on BSDi 4.2 will eventually cause the mail server to hang, forcing a
hard reboot.
A BSDi 4.2 Cyrus server could be remotely DOS'd if external IMAP access is
available.
This has been experienced running IMP and Jawmail, two popular OSS webmail
packages which do not exhibit this behavior on other platforms.
This has been tested with the php compiled against c-client versions 2000
and 4.7, and with Cyrus 2.0.15 and 2.0.16 as the mail server.
The cyrus sever does not exhibit this behavior with regular mail clients.
It has also been tested with php 4.0.4pl1 and php 4.0.6
At this time, I am unable to determine if the issue is with the c-client or
with PHP.
M. Gamble
Echo Online Administration
- Previous message: Ben Ford: "eRisk Security Advisory: PhpMyExplorer vulnerable to directory traversal."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
