[tpop3d-discuss] ssl Bug

Chris Lightfoot chris at ex-parrot.com
Wed, 5 Nov 2003 16:14:29 +0000


On Wed, Nov 05, 2003 at 04:50:17PM +0100, Jens Liebchen (ppp-design) wrote:
> is there any news about the ssl-bug? Has anybody some more information
> if this is tpop3d or openssl related (Chris?)?

No, not yet, I'm afraid.

> If not, we should consider tpop3d in combination with ssl as unstable
> and maybe we/Chris should release a small advisory about that, as it can
> lead to a DoS of the affected mailbox.

My guess is that this is a buffering rather than a message
format issue, but I'm not yet sure. I haven't had enough
information to localise it yet, though there have been
intermittent reports of this ever since TLS support was
added to tpop3d :(

Can somebody put a mailspool which exhibits this problem
on an FTP/web site somewhere, so that I can get a
binary-perfect copy of it here, and also tell me the
exact configuration (OS, architecture, libraries etc.)
they are using (preferably on Linux, but at a pinch I can
manage FreeBSD etc. on x86).

-- 
Go mad this weekend: buy some beef! (advert at a supermarket)