Vigil@nce: qmailAdmin, vpopmail, bypassing quotas
May 2009 by Vigil@nce
When the administrator defines quotas over 2Gb, they are not honoured by qmailAdmin and vpopmail.
Consequences: denial of service
Provenance: user account
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 11/05/2009
Unix - platform
DESCRIPTION OF THE VULNERABILITY
The vpopmail program is used to create virtual mailboxes. The qmailAdmin program is used to manage a qmail or vpopmail messaging system.
The administrator can define a quota in qmailAdmin and vpopmail in order to limit the size of users’ mailboxes.
However, these quotas are stored in a signed 32-bit integer. The maximum value is thus 2^31-1 = 2147483647 = 2Gb. If the administrator defines a higher value, it is not honoured. The mailbox size is therefore not limited.
When the administrator defines quotas over 2Gb, they are thus not honoured by qmailAdmin and vpopmail.
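The following C sketch is an added example, not code from vpopmail or qmailAdmin. It models one way a byte limit above 2^31-1 can stop being enforced once it is held in a signed 32-bit variable, next to a 64-bit parser that rejects malformed values. All function names are hypothetical, and the truncation behaviour and the "limit <= 0 means unlimited" rule are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Flawed model (assumption): only the low 32 bits of the configured byte
 * limit survive, reinterpreted as a signed value. */
static int32_t legacy_store_quota(const char *text)
{
    uint32_t low = (uint32_t)strtoull(text, NULL, 10);
    if (low > (uint32_t)INT32_MAX)          /* portable two's-complement wrap */
        return (int32_t)(low - (uint32_t)INT32_MAX - 1u) + INT32_MIN;
    return (int32_t)low;
}

static int legacy_over_quota(int32_t limit, uint64_t used)
{
    return limit > 0 && used > (uint64_t)limit;  /* assumption: <= 0 is "no quota" */
}

/* Hardened: 64-bit storage, digits only, overflow rejected. Returns 0 on success. */
static int parse_quota64(const char *text, uint64_t *out)
{
    char *end;
    if (*text < '0' || *text > '9') return -1;   /* no sign, no leading space */
    errno = 0;
    unsigned long long v = strtoull(text, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;
    *out = (uint64_t)v;
    return 0;
}

static int over_quota64(uint64_t limit, uint64_t used)
{
    return limit != 0 && used > limit;       /* 0 means explicitly unlimited */
}

int main(void)
{
    const char *cfg = "3221225472";          /* constructed sample: 3 GiB limit */
    uint64_t used = 4294967296ULL, q = 0;    /* constructed sample: 4 GiB used */
    printf("32-bit stored limit: %d, over quota: %d\n",
           (int)legacy_store_quota(cfg), legacy_over_quota(legacy_store_quota(cfg), used));
    if (parse_quota64(cfg, &q) == 0)
        printf("64-bit stored limit: %llu, over quota: %d\n",
               (unsigned long long)q, over_quota64(q, used));
    return 0;
}
```

A useful audit check that follows from this model is to list every configured quota whose numeric value exceeds 2147483647 and confirm how the deployed version treats it.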