Bug in QPopper (All Versions?)

From: Dustin Childers (dustin@acm.org)
Date: 03/15/02


Date: 15 Mar 2002 01:51:10 -0000
From: Dustin Childers <dustin@acm.org>
To: bugtraq@securityfocus.com


('binary' encoding is not supported, stored as-is)

Description:
  When sending a string that has 2048+ characters in
it, the
  in.qpopper or popper process will begin to use
massive
  amounts of CPU and will not stop until it is manually
killed.
 
Versions Affected:
  I tested this on 4.0.1 and 4.0.3.
  4.0.2 is probably vulnerable also.
  Older versions may also be vulnerable. I haven't
tested those.
 
  This works locally and remotely.
 
Patch Information:
  I attempted to patch this but I was not successful. I
found
  that the most reasonable place for this would be the
msg_buf
  in popper/main.c or msg_buf in
password/poppassd.c.

Dustin E. Childers
Security Administrator
http://www.digitux.net/