
Key: JAMES-535
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Critical
Assignee: Noel J. Bergman
Reporter: Norman Maurer
Votes: 0
Watchers: 0
JAMES Server

Denial of service (CPU consumption) via a long argument to the MAIL command.

Created: 15/Jun/06 03:54 PM   Updated: 21/Nov/07 08:31 AM
Component/s: SMTPServer
Affects Version/s: 2.2.0, 2.3.0
Fix Version/s: 2.3.0

Time Tracking:
Not Specified

Resolution Date: 16/Jun/06 04:02 AM


Description
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.

See:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2806


Repository: ASF
Revision: #414436
Date: Thu Jun 15 02:00:50 UTC 2006
User: noel
Message: Quick fix for CVE-2006-2806 / JAMES-535
Files Changed:
MODIFY /james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java
MODIFY /james/server/trunk/src/java/org/apache/james/smtpserver/SMTPHandler.java

Repository: ASF
Revision: #414677
Date: Thu Jun 15 20:41:45 UTC 2006
User: noel
Message: Quick fix for CVE-2006-2806 / JAMES-535
Files Changed:
MODIFY /james/server/branches/v2.3/src/java/org/apache/james/smtpserver/SMTPHandler.java

Repository: ASF
Revision: #414680
Date: Thu Jun 15 20:44:47 UTC 2006
User: noel
Message: Copy part of a quick fix for CVE-2006-2806 / JAMES-535 from trunk
Files Changed:
ADD /james/server/branches/v2.3/src/java/org/apache/james/util/CRLFTerminatedReader.java (from /james/server/trunk/src/java/org/apache/james/util/CRLFTerminatedReader.java)

Noel J. Bergman added a comment - 16/Jun/06 04:02 AM
Should be resolved in the v2.3 release branch and in trunk.

Noel J. Bergman made changes - 16/Jun/06 04:02 AM
Field Original Value New Value
Fix Version/s 2.4.0 [ 12311645 ]
Status Open [ 1 ] Resolved [ 5 ]
Fix Version/s 2.3.0 [ 12310796 ]
Resolution Fixed [ 1 ]
Noel J. Bergman made changes - 16/Jun/06 07:31 AM
Assignee Noel J. Bergman [ noel ]
Stefano Bagnara made changes - 06/Jul/06 10:33 PM
Fix Version/s 2.3.0 [ 12310796 ]
Fix Version/s 2.3.0b2 [ 12311974 ]
Fix Version/s 2.4.0 [ 12311645 ]
Danny Angus added a comment - 21/Nov/07 08:31 AM
Closing issue fixed in released version.

Danny Angus made changes - 21/Nov/07 08:31 AM
Status Resolved [ 5 ] Closed [ 6 ]