Date: Mon, 23 Jan 2012 23:34:29 +0100 From: Michael Harrison <n0idx80@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: spamdyke buffer overflow vulnerability Kurt, Thanks for your extra effort. We greatly appreciate it. Michael On 1/23/12 10:53 PM, Kurt Seifried wrote: > On 01/20/2012 06:35 PM, Kurt Seifried wrote: >> On 01/20/2012 01:42 AM, Agostino Sarubbo wrote: >>> According to secunia advisory: >>> https://secunia.com/advisories/47548/ : >>> Description: >>> >>> Some vulnerabilities have been reported in spamdyke, which potentially can be >>> exploited by malicious people to compromise a vulnerable system. >>> >>> The vulnerabilities are caused due to boundary errors related to the incorrect >>> use of the "snprintf()" and "vsnprintf()" functions, which can be exploited to >>> cause buffer overflows. >>> >>> The vulnerabilities are reported in versions prior to 4.3.0. >>> >>> >>> Solution >>> Update to version 4.3.0. >>> >>> >>> and from upstream changelog: >>> http://www.spamdyke.org/documentation/Changelog.txt : >>> >>> Fixed a number of very serious errors in the usage ofc. >>> The return value was being used as the length of the string printed into >>> the buffer, but the return value really indicates the length of the string >>> that *could* be printed if the buffer were of infinite size. Because the >>> returned value could be larger than the buffer's size, this meant remotely >>> exploitable buffer overflows were possible, depending on spamdyke's >>> configuration. >>> >>> and from upstream mailing list: >>> http://email@example.com/msg00014.html >>> >>> it also fixes a series of major bugs >>> that could lead to buffer overflows. Depending on spamdyke's configuration, >>> these could cause remotely exploitable security holes. Please upgrade >>> immediately! >>> >>> Please assign a CVE >>> >> Can you include some links to actual code commits? I want to prevent >> duplicates and more information would aid in that. >> > Ugh so I downloaded (www.spamdyke.org/download.html) and diff'ed > spamdyke 4.2.1 and 4.3.0 and checked for snprint/vsnprintf occurances > being replaced, there's about 80 (all virtually identical fixes). I also > checked 4.3.0 to 4.3.1, no more of those fixes, so it's safe to say this > fix at least is largely confined to the 4.3.0 update. > > Please use CVE-2012-0802 for this issue. > > > -- It's not about what you know, but what is left to learn~ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.17 (GNU/Linux) mQENBE6MJ20BCACsvXUqJyxwgr61LOdRVMmczLC5VHDBEaaCfx4AwSihQm6od14h 6IQJVyHSp5hQz73n9yOmLeAV51akUSNwUcV85Fjxa169MDut7mexir6YkTDrwSdW BRvopP6EuJaLAJwdK0/++YRD9eu6YDPlMp50ceCr47Yy8W0BGTb7Z2CvGnNntr7U ZkHR+ALdEQNyqSQ/NGxe7lfO+MVSi0W2eDaUtR6JmmZCWyDRWDsiOsl/q+QnIJ7r s3flrDe57zMXkw2rdI6lWm745i9kOyg0+Jw0gQwy8oHh/4ktdboU6WLkv2N9eeMR l1a0AZeTSuOfWrepTF1K22E++1NuN3Y5TGKvABEBAAG0MU1pY2hhZWwgUi4gSGFy cmlzb24gKEN1cnJlbnQpIDxuMGlkeDgwQGdtYWlsLmNvbT6JAT4EEwECACgFAk6M J20CGwMFCQHanAAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGcT+eUbMgJy T94H/2F98ZYomipk30ZcEZa+MsqLRcBdIvUgfS43cSih2KlhsjWavwYTYANJG4k0 TImCpoJymmEK0aozlPqeP9eGTFrAM8HPnlBqMqTP5B0dPn2hGnxFwP1NLq4KiwgH YM/j2QqTZGvCaq82OtG8FwGNHRCJu+buN3zJ/VZNj5b05USEPnl8w92r5V4gbRyL HZsVyGnPDzTsBDqoKjpMcCVD4uXQWDM9jLk366zLM6ChzhEX02bmKrFqkNnb7rd0 gFGR8svA4uWc2w58zrbZdMTsXDTimHdUm2KU4Cz49UxmyXW+T3SIEtsH8WYlaL+2 SAk8zYMMb95WjwZwrFt2hhfMBoa5AQ0ETownbQEIALZJ5AbAwQd4qhkPRDmpvgW3 AZgMj/s20sBo6XiS9PF4iUYwdKbEGUbKuahHH4dP4lrAKO0telzaLW+PY7NKaQ1k iLubuiqr7VD2j3bXXD1bvFdmG6w+R+S3jmgZs20Sj+z8472eXXHSokrO8/jolopb 1xzZGUUVlVoJ7dSYaByqxQgcQCxrCiF1xj3CN32m51LAmaCFnJkVYwRTzZpCcOkf I4eF+d+0OYlCEH9VTwhYJKJMuRFJjPJqzCiJyYky7Y5GqaY2QNnSX2tzGpurR6IP HW/ZR4SFcnlL8HvHvT6+KVjfItS1M9ybTsXdf8Hl6BGkng+AO/bJKI2f3z2MXP0A EQEAAYkBJQQYAQIADwUCTownbQIbDAUJAdqcAAAKCRBnE/nlGzICclJlCAChlNrr CeZ3dzj/FrKQFozovCvgYV8GK83BHB3nBAsoOllvEzjmYbqIuCbbxWT5Dl5uatez jV7mrfobmnKTsSCGy9WbLc54djiRRcHXpHCeIOCEt8RL85VLim91842Zxw7wTnB0 CfPM77scCvpekkzFaUj/yWxd6lzugKZ60AmuUxLWxzxPl+tcgRKCQT1XMe+EzyEd yAObBp+Pyk8WAWth+mecxJ131AruPzKwTrvzyyQVaa7qwJzgkwOVKpTwHzvLUQqX bPj3ZpIt4C0FLc5x91BYAXlt7rk5q3RZajBca+bODlAOJpU4fQs4ln+ZGt3sdTt4 HvFqkFebN/ZH/wWf =Wk3z -----END PGP PUBLIC KEY BLOCK----- Download attachment "signature.asc" of type "application/pgp-signature" (536 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ