hMailServer 4.4.1 DoS vulnerability

2008.08.17
Credit: J Antunes
Risk: Low
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

---------------------------------------- Synopsis ---------------------------------------- hMailServer is vulnerable to resource exhaustion attacks that can cause a denial-of-service (DoS). The IMAP server crashes when processing too many IMAP commands as it quickly exhaust its resources. Product: hMailServer Version: 4.4.1 and probably the older versions Vendor: hMailServer (www.hmailserver.com) Type: Denial-of-service (Resource Exhaustion) Risk: service disruption Remote: Yes Discovered by: Jo?o Antunes (AJECT -- Attack Injection Tool) on 05/Jun/ 2008 Exploit: Not Available Solution: upgrade to beta version 4.4.2 (Build 279) Status: Developers were contacted and released a beta version correcting the resource exhaustion vulnerability. ---------------------------------------- Vulnerability Description ---------------------------------------- The vulnerability can be triggered by sending many IMAP commands repeatedly. A01 CREATE AAAAA A02 CREATE AAAAAA A03 CREATE AAAAAAA ... A97 RENAME AAAAA BBBBB A98 RENAME AAAAAA BBBBBB A100 RENAME AAAAAAA BBBBBBB The number of IMAP commands to crash the server depends on the server resources, but it should take over 20k messages to exhaust 256 MB RAM. An authenticated client can write a script to overwhelm the server with too many requests, eventually depleting all memory resources in the server ,and thus successfully creating a DoS.

References:

http://www.securityfocus.com/bid/30663
http://www.hmailserver.com/documentation/?page=changelog
http://www.securityfocus.com/archive/1/archive/1/495361/100/0/threaded
http://secunia.com/advisories/31480


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top