Date: Fri, 20 Jan 2012 18:35:03 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Agostino Sarubbo <ago@...too.org>
Subject: Re: CVE request: spamdyke buffer overflow vulnerability

On 01/20/2012 01:42 AM, Agostino Sarubbo wrote:
> According to secunia advisory:
> https://secunia.com/advisories/47548/ :
> Description:
>
> Some vulnerabilities have been reported in spamdyke, which potentially can be
> exploited by malicious people to compromise a vulnerable system.
>
> The vulnerabilities are caused due to boundary errors related to the incorrect
> use of the "snprintf()" and "vsnprintf()" functions, which can be exploited to
> cause buffer overflows.
>
> The vulnerabilities are reported in versions prior to 4.3.0.
>
>
> Solution
> Update to version 4.3.0.
>
>
> and from upstream changelog:
> http://www.spamdyke.org/documentation/Changelog.txt :
>
> Fixed a number of very serious errors in the usage of snprintf()/vsnprintf().
> The return value was being used as the length of the string printed into
> the buffer, but the return value really indicates the length of the string
> that *could* be printed if the buffer were of infinite size. Because the
> returned value could be larger than the buffer's size, this meant remotely
> exploitable buffer overflows were possible, depending on spamdyke's
> configuration.
>
> and from upstream mailing list:
> http://firstname.lastname@example.org/msg00014.html
>
> it also fixes a series of major bugs
> that could lead to buffer overflows. Depending on spamdyke's configuration,
> these could cause remotely exploitable security holes. Please upgrade
> immediately!
>
> Please assign a CVE
>

Can you include some links to actual code commits? I want to prevent
duplicates and more information would aid in that.

--
--
-- Kurt Seifried / Red Hat Security Response Team
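The snprintf()/vsnprintf() return-value behaviour described in the quoted changelog, shown as an added example that is not part of the original message and is not spamdyke's code. The function names trusted_length() and append_checked() are hypothetical and the input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Misuse from the changelog: the return value is taken as the stored length.
 * Here it is only returned for inspection, never used as an index. */
static size_t trusted_length(char *buf, size_t size, const char *text)
{
    int n = snprintf(buf, size, "%s", text);
    return n < 0 ? 0 : (size_t)n;   /* length that *could* be printed */
}

/* Checked append: returns the characters actually stored, clamped to what
 * buf can hold, and sets *truncated when the output did not fit. */
static size_t append_checked(char *buf, size_t size, size_t used,
                             int *truncated, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0 || used >= size) { *truncated = 1; return size ? size - 1 : 0; }
    va_start(ap, fmt);
    n = vsnprintf(buf + used, size - used, fmt, ap);
    va_end(ap);
    if (n < 0) { buf[used] = '\0'; *truncated = 1; return used; }
    if ((size_t)n >= size - used) { *truncated = 1; return size - 1; }
    return used + (size_t)n;
}

int main(void)
{
    char buf[16], input[41];        /* constructed sample input, 40 bytes */
    int truncated = 0;
    size_t used;

    memset(input, 'A', 40);
    input[40] = '\0';
    used = trusted_length(buf, sizeof buf, input);
    printf("trusted=%zu stored=%zu\n", used, strlen(buf));
    used = append_checked(buf, sizeof buf, 0, &truncated, "%s", input);
    printf("checked=%zu truncated=%d\n", used, truncated);
    return 0;
}
```

Code that adds the trusted value to a running offset ends up pointing past the buffer, and a size_t computation of the remaining space then wraps to a very large number.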