https://www.exploit-db.com/exploits/19869
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200108-166

qpopperPOP服务器会创建带有可预测名称的锁定文件，本地用户可以通过创建其他邮箱的锁定文件导致这些用户的服务拒绝（无法访问邮件）。

source: http://www.securityfocus.com/bid/1132/info

Vulnerabilities exist in a number of pop3 daemon implementations, having to do with their creation of lock files. Affected include Qualcomm's qpopper, and the popd included as part of the imap-4 rpm from RedHat. Lockfiles in both implementation are created with consistent local file names; the RedHat popd in /tmp, with a fairly random name (albeit consistent for a given user), and in the mail spool directory, with the user name prepended by a "." and appended with ".pop". Creation of either of these files will prevent the popd user from being able to establish a connection to retrieve their mail.

The FreeBSD port of imap-uw contains this vulnerability. It is not, however, included as a standard part of a FreeBSD install.

touch /var/mail/.username.pop

来源:BID
名称:1132
链接:http://www.securityfocus.com/bid/1132
来源:BUGTRAQ
名称:20000420pop3
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=95634229925906&w;=2
来源:BUGTRAQ
名称:20000420pop3d/imapDOS(whilewe’reonthesubject)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=95624629924545&w;=2