[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4
From: |
Arkadiusz Miskiewicz |
Subject: |
Re: [Tpop3d-devel] Potential Bug/Security issue in tpop3d-1.5.4 |
Date: |
Sat, 12 Jul 2008 01:37:49 +0200 |
User-agent: |
PLD Linux KMail/1.9.9 |
On Thursday 03 July 2008, Eric Noack wrote:
> Hi folks.
>
> I have been running into segfaults with tpop3d after massive brute
> force password guessing attacks on a production system,
> resulting in a denial of service scenario.
>
> The version running was tpop3d-1.5.4, compiled and installed via the
> gentoo portage system on a 64bit linux server
> (compiled with gcc -march=athlon64) - running with tls/ssl enabled and
> mysql based mail authentication
>
> The system had been running stable for over 3 years (with different
> versions of tpop3d),
There is a bug in poll handling. The pfds array is accessed with index beyond
allocated memory. See listeners_pre_select() for example.
Not sure if you are hitting exactly this bug.
--
Arkadiusz MiĆkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/