Jürgen Hoffmann wrote:
>
> Hi everyone,
>
> I discovered what I think is a local security risk for DoS Attacks. If
> vchkpw fails to find tcprules it hangs and uses up 100% CPU Time causing for
> a machine with several hundreds of pop connections in an hour to finally
> hang.
>
> There is no error message by any means.
>
> It cost me hours of searching and recompiling berore I noticed that another
> admin user had accidently moved the tcprules binary from /usr/bin to
> /usr/local/bin
>
> any comments? reproducable?
>
> kind Regards
>
> Juergen Hoffmann
Sounds like better code should be around the exec of the tcprules
program.
Ken Jones
