Computalynx CMail Web Interface CPU Consumption DoS Vulnerability
BID:1319
Info
Computalynx CMail Web Interface CPU Consumption DoS Vulnerability
| Bugtraq ID: | 1319 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 05 2000 12:00AM |
| Updated: | Jun 05 2000 12:00AM |
| Credit: | Discovered by the Delphis Consulting Internet Security Team (DCIST) <[email protected]> and publicized in a Security Team Advisory DST2K0011 on June 5, 2000. |
| Vulnerable: |
Computalynx CMail 2.4.7 |
| Not Vulnerable: | |
Discussion
Computalynx CMail Web Interface CPU Consumption DoS Vulnerability
ComputaLynx CMail's Web Interface, which resides on port 8002 by default, is vulnerable to a temporary CPU utilization DoS (which could theoretically be rendered more serious with repeated attacks). After connecting to the service, it is possible to enter a long username (around 200k) which will cause CPU use to jump to about 95%. The process releases the CPU after an uncertain amount of time.
ComputaLynx CMail's Web Interface, which resides on port 8002 by default, is vulnerable to a temporary CPU utilization DoS (which could theoretically be rendered more serious with repeated attacks). After connecting to the service, it is possible to enter a long username (around 200k) which will cause CPU use to jump to about 95%. The process releases the CPU after an uncertain amount of time.
Solution / Fix
Computalynx CMail Web Interface CPU Consumption DoS Vulnerability
Solution:
Comuptalynx has rectified this issue in CMail Server 2.4.8.
Solution:
Comuptalynx has rectified this issue in CMail Server 2.4.8.
References
Computalynx CMail Web Interface CPU Consumption DoS Vulnerability
References:
References:
- Computalynx Home Page (Computalynx)
- Computalynx new fix article. (Computalynx)