[10908] in bugtraq
Outlook denial of service
daemon@ATHENA.MIT.EDU (YoDuh)
Sat Jun 26 13:05:34 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990625132402.A13194@area51.verge.net>
Date: 	Fri, 25 Jun 1999 13:24:02 -0700
Reply-To: YoDuh <yoduh@GETACLUE.ORG>
From: YoDuh <yoduh@GETACLUE.ORG>
To: BUGTRAQ@NETSPACE.ORG
I've found a problem in Qualcomm popper (and presumably others) in that it
doesn't check for existing X-UIDL: headers, but simply uses them when the
client sends in a uidl request.  This problem can manifest itself as an
effective denial of service attack against Microsoft Outlook clients
because Outlook looks for unique UIDLs for each message and if there are
duplicates it will hang prior to downloading any mail.  I've put up a small
web site detailing the problem and some possible workarounds/fixes at
	http://getaclue.org/yoduh/outlook.html
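
An added example, not part of the original post and not popper's code: a mail-spool check that reports X-UIDL header values shared by more than one message, the condition the post says hangs Outlook. The mbox layout, the function names and the sample spool are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample spool in mbox format; addresses and UIDL values are made up.
SAMPLE_SPOOL = """\
From alice@example.org Fri Jun 25 13:00:00 1999
From: alice@example.org
X-UIDL: aaaa1111

hello
From bob@example.org Fri Jun 25 13:05:00 1999
From: bob@example.org
X-UIDL: bbbb2222

X-UIDL: aaaa1111 (this line is in the body, not a header)
From mallory@example.org Fri Jun 25 13:10:00 1999
From: mallory@example.org
X-UIDL: aaaa1111

this message arrived already carrying an X-UIDL header
"""

def header_uidls(spool_text):
    """Return one list of X-UIDL header values per message, in spool order."""
    messages, in_headers = [], False
    for line in spool_text.splitlines():
        if line.startswith("From "):        # mbox message separator
            messages.append([])
            in_headers = True
        elif in_headers and line == "":      # blank line ends the header block
            in_headers = False
        elif in_headers:
            m = re.match(r"(?i)x-uidl:\s*(\S+)", line)
            if m:
                messages[-1].append(m.group(1))
    return messages

def find_duplicate_uidls(spool_text):
    """Map each X-UIDL value found in more than one message to the 1-based message numbers."""
    seen = defaultdict(list)
    for number, uidls in enumerate(header_uidls(spool_text), start=1):
        for uidl in set(uidls):
            seen[uidl].append(number)
    return {u: nums for u, nums in seen.items() if len(nums) > 1}

if __name__ == "__main__":
    for uidl, nums in find_duplicate_uidls(SAMPLE_SPOOL).items():
        print(f"duplicate X-UIDL {uidl} in messages {nums}")
```

Only header lines are inspected, so an X-UIDL string quoted in a message body is not counted.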