Cyrus IMAP Server Potential Denial of Service Vulnerability

The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail and system-wide bulletin boards through the IMAP protocol.

It has been reported that the server may be suspceptible to a denial of service attack when running under BSDi 4.2. This behaviour has been exhibited when using PHP's IMAP functionality. It may be possible to cause the server to consume all available system resources, requiring that the server or system be reset manually.

Additional technical details are forthcoming.


Privacy Statement
Copyright 2010, SecurityFocus