[Dovecot] Possible CPU Denial-Of-Service attack to dovecot IMAP.
Hello!
- I can provide download link to this buggy mailbox file if needed. Yes, that would be helpful. I couldn't reproduce it.
I hope this will help: http://user.rol.ru/~koc/buggymbox
=koc
Ванкувер 2010. Новости Олимпиады. http://olympic.aport.ru
On Sun, 2010-02-28 at 16:21 +0300, Kostik wrote:
Hello!
- I can provide download link to this buggy mailbox file if needed. Yes, that would be helpful. I couldn't reproduce it.
I hope this will help: http://user.rol.ru/~koc/buggymbox
Interestingly enough, that's the same bug I just fixed today (after spending several days trying to figure it out): http://hg.dovecot.org/dovecot-2.0/rev/de2798fbbae6
Hmm. Since it's causing also real problems, I suppose I should fix it for v1.2 too.. The problem anyway is only with v1.2 + mbox combination, nothing else.
On Sun, 2010-02-28 at 15:43 +0200, Timo Sirainen wrote:
Interestingly enough, that's the same bug I just fixed today (after spending several days trying to figure it out): http://hg.dovecot.org/dovecot-2.0/rev/de2798fbbae6
Hmm. Since it's causing also real problems, I suppose I should fix it for v1.2 too.. The problem anyway is only with v1.2 + mbox combination, nothing else.
Here's a workaround for v1.2: http://hg.dovecot.org/dovecot-1.2/rev/6c9f2ed821df
Hi!
Timo Sirainen wrote:
Hmm. Since it's causing also real problems, I suppose I should fix it for v1.2 too.. The problem anyway is only with v1.2 + mbox combination, nothing else.
Here's a workaround for v1.2: http://hg.dovecot.org/dovecot-1.2/rev/6c9f2ed821df
Yes, Timo, v1.2 works fine now.
BTW, my Thunderbird 2.0.0.23 hung at the opening of this massage. But now that is not dovecot problem. :)
=koc
participants (2)
-
Kostik
-
Timo Sirainen