[Dovecot] Possible CPU Denial-Of-Service attack to dovecot IMAP.

Timo Sirainen tss at iki.fi
Sun Feb 28 15:43:04 EET 2010


On Sun, 2010-02-28 at 16:21 +0300, Kostik wrote:
> Hello!
> 
> >> 5. I can provide download link to this buggy mailbox file if needed.
> > Yes, that would be helpful. I couldn't reproduce it.
> 
> I hope this will help:
> http://user.rol.ru/~koc/buggymbox

Interestingly enough, that's the same bug I just fixed today (after
spending several days trying to figure it out):
http://hg.dovecot.org/dovecot-2.0/rev/de2798fbbae6

Hmm. Since it's causing also real problems, I suppose I should fix it
for v1.2 too.. The problem anyway is only with v1.2 + mbox combination,
nothing else.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20100228/b53f377c/attachment.bin 


More information about the dovecot mailing list