[原文]Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent.
E-Post Multiple Products IMAP APPEND Command Infinite Loop DoS
Remote / Network Access
Denial of Service
Loss of Availability
E-Post contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends an APPEND command to the IMAP service and terminates the connection without sending the expected amount of data. This causes the server to go into an infinite loop, consuming a large amount of CPU resources, resulting in a loss of availability for the service.
Currently, there are no known workarounds or upgrades to correct this issue. However, E-POST Inc. has released a patch to address this vulnerability.