Vigil@nce: qmailAdmin, vpopmail, bypassing quotas
May 2009 by Vigil@nce
When the administrator defines a quota larger than 2 GB, it is not
honoured by qmailAdmin and vpopmail.
– Severity: 1/4
– Consequences: denial of service
– Provenance: user account
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: unique source (2/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 11/05/2009
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The vpopmail program is used to create virtual mailboxes. The
qmailAdmin program is used to manage a qmail or vpopmail messaging
system.
The administrator can define a quota in qmailAdmin and vpopmail in
order to limit the size of users’ mailboxes.
However, these quotas are stored in a signed 32-bit integer, whose
maximal value is 2^31-1 = 2147483647 bytes, i.e. 2 GB. If the
administrator defines a larger value, it does not fit in that integer
and is not honoured. The mailbox size is therefore not limited.
When the administrator defines a quota larger than 2 GB, it is thus
not honoured by qmailAdmin and vpopmail.
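The following C program is an added illustration of the failure mode described above; it is not code from vpopmail or qmailAdmin, and the function names (quota_store_int32, over_quota_u64, etc.) are invented for the demonstration. It stores a quota in a signed 32-bit integer the way the advisory describes and shows what a quota of 3000000000 bytes becomes, then gives a 64-bit parser with full range checking that rejects malformed or out-of-range values at configuration time instead of silently turning them into "unlimited". Two's complement wrap-around on the int32_t conversion is assumed (true of every common compiler).

```c
/*
 * Added example (not vpopmail/qmailAdmin code): quota truncation in a
 * signed 32-bit integer versus a range-checked 64-bit parser.
 * All function names are hypothetical.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define QUOTA_UNLIMITED 0ULL

/* Weak: the quota survives only as int32_t, as in the advisory.
 * Anything above 2147483647 wraps when stored (two's complement assumed). */
static int32_t quota_store_int32(const char *text) {
    long long v = strtoll(text, NULL, 10);
    return (int32_t)v;               /* truncation: this is the bug */
}

/* Weak enforcement: a quota <= 0 is taken to mean "unlimited", so a
 * configured value that wrapped negative is never enforced at all. */
static bool over_quota_int32(const char *quota_text, uint64_t mailbox_bytes) {
    int32_t q = quota_store_int32(quota_text);
    if (q <= 0)
        return false;
    return mailbox_bytes > (uint64_t)q;
}

/* Hardened: parse into uint64_t. Returns false on empty input, a sign,
 * trailing garbage, or a value that does not fit in 64 bits. */
static bool quota_parse_u64(const char *text, uint64_t *out) {
    char *end;
    if (text == NULL || *text == '\0' || *text == '-' || *text == '+')
        return false;
    errno = 0;
    unsigned long long v = strtoull(text, &end, 10);
    if (errno == ERANGE || end == text || *end != '\0')
        return false;
    *out = (uint64_t)v;
    return true;
}

/* Hardened enforcement: -1 = invalid quota (refuse the configuration),
 * 0 = mailbox within quota (or quota unlimited), 1 = over quota. */
static int over_quota_u64(const char *quota_text, uint64_t mailbox_bytes) {
    uint64_t q;
    if (!quota_parse_u64(quota_text, &q))
        return -1;
    if (q == QUOTA_UNLIMITED)
        return 0;
    return mailbox_bytes > q ? 1 : 0;
}

int main(void) {
    /* Constructed sample: a 3 GB quota configured by the administrator. */
    const char *quota = "3000000000";
    uint64_t mailbox = 2500000000ULL;   /* 2.5 GB already stored */

    printf("int32 storage of %s: %d\n", quota, quota_store_int32(quota));
    printf("int32 enforcement says over quota: %s\n",
           over_quota_int32(quota, mailbox) ? "yes" : "no");
    printf("u64 enforcement result for 2.5 GB: %d\n",
           over_quota_u64(quota, mailbox));
    printf("u64 enforcement result for 3.5 GB: %d\n",
           over_quota_u64(quota, 3500000000ULL));
    printf("u64 enforcement result for quota \"12abc\": %d\n",
           over_quota_u64("12abc", mailbox));
    return 0;
}
```

Note the second failure mode of the int32 storage: a quota of 5000000000 does not wrap negative but to 705032704 (5000000000 mod 2^32), so the user gets a quota of about 672 MB instead of the 5 GB the administrator configured; only a range check at parse time catches both cases.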
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-8702
– Url: http://vigilance.fr/vulnerability/qmailAdmin-vpopmail-bypassing-quotas-8702