> Date: Sat, 16 Mar 2002 09:05:55 -1000
> From: Clifton Royston <[EMAIL PROTECTED]>
>
> On Sat, Mar 16, 2002 at 08:30:50AM -0500, Alan Brown wrote:
> > I haven't seen this reported here
>
> I've corresponded briefly with the author and tried to reproduce it.
>
> I can't see the problem as described on any of my BSD/OS systems, e.g.
> when pasting a string of 2560 'a's at the initial prompt ('user'
> command input state.) qpopper reports a -ERR error message and, yes,
> fails to exit promptly as it should, but unlike the problem description
> it takes 0.0% CPU and terminates normally when the socket connection is
> broken by disconnecting.
>
> I think it must be an OS-dependent problem, though there clearly is a
> bug there in its not cutting off the client promptly after the error.

Dustin said that he had only tested on RedHat 7.2 ...

> -- Clifton
>
> > ---------- Forwarded message ----------
> > Date: 15 Mar 2002 01:51:10 -0000
> > From: Dustin Childers <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Bug in QPopper (All Versions?)
> >
> >
> > Description:
> > When sending a string that has 2048+ characters in it, the
> > in.qpopper or popper process will begin to use massive
> > amounts of CPU and will not stop until it is manually
> > killed.
> >
> > Versions Affected:
> > I tested this on 4.0.1 and 4.0.3.
> > 4.0.2 is probably vulnerable also.
> > Older versions may also be vulnerable. I haven't
> > tested those.
> >
> > This works locally and remotely.
> >
> > Patch Information:
> > I attempted to patch this but I was not successful. I found
> > that the most reasonable place for this would be the msg_buf
> > in popper/main.c or msg_buf in password/poppassd.c.
> >
> > Dustin E. Childers
> > Security Administrator
> > http://www.digitux.net/
>
> --
> Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED]
> WWJD? "JWRTFM!" - Scott Dorsey (kludge) "JWG" - Eddie Aikau

---------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3479
San Jose, CA 95134 | Internet: [EMAIL PROTECTED]

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

"The trouble with doing anything right the first time is that nobody
appreciates how difficult it was."

When a team of dedicated individuals makes a commitment to act as
one... the sky's the limit.