QMail RCPT Denial of Service Vulnerability
BID:2237
Info
QMail RCPT Denial of Service Vulnerability
| Bugtraq ID: | 2237 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-1999-0144 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 11 1997 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | This behaviour was discovered by Wietse Venema. It was posted to Bugtraq on June 11, 1997 by Frank DENIS <[email protected]>. |
| Vulnerable: |
Dan Bernstein QMail 1.0 3 |
| Not Vulnerable: | |
Solution / Fix
QMail RCPT Denial of Service Vulnerability
Solution:
Setting user resource limits on the server process will prevent Qmail from allocating enough memory to cause a denial of service.
The following command will set the maximum amount of memory processes can allocate in the heap to 1 MB.
'ulimit -d 1024'.
If placed in the init scripts, the limit will be put in place whenever the system intializes.
This information was supplied by Dan Bernstein <[email protected]>.
Solution:
Setting user resource limits on the server process will prevent Qmail from allocating enough memory to cause a denial of service.
The following command will set the maximum amount of memory processes can allocate in the heap to 1 MB.
'ulimit -d 1024'.
If placed in the init scripts, the limit will be put in place whenever the system intializes.
This information was supplied by Dan Bernstein <[email protected]>.