Re: [Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4

tpop3d-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4

From:	Arkadiusz Miskiewicz
Subject:	Re: [Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4
Date:	Sat, 12 Jul 2008 01:37:49 +0200
User-agent:	PLD Linux KMail/1.9.9

On Thursday 03 July 2008, Eric Noack wrote:
> Hi folks.
>
> I have been running into segfaults with tpop3d after massive brute
> force password guessing attacks on a production system,
> resulting in a denial of service scenario.
>
> The version running was tpop3d-1.5.4, compiled and installed via the
> gentoo portage system on a 64bit linux server
> (compiled with gcc -march=athlon64) - running with tls/ssl enabled and
> mysql based mail authentication
>
> The system had been running stable for over 3 years (with different
> versions of tpop3d),

There is a bug in poll handling. The pfds array is accessed with index beyond 
allocated memory. See listeners_pre_select() for example.

Not sure if you are hitting exactly this bug.
-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4, Eric Noack, 2008/07/03
- Re: [Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4, Arkadiusz Miskiewicz <=
  - Re: [Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4, Arkadiusz Miskiewicz, 2008/07/12

Prev by Date: [Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4
Next by Date: Re: [Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4
Previous by thread: [Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4
Next by thread: Re: [Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4
Index(es):
- Date
- Thread