Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 23 Jan 2012 23:34:29 +0100
From: Michael Harrison <n0idx80@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: spamdyke buffer overflow vulnerability

Kurt,

Thanks for your extra effort. We greatly appreciate it.

Michael

On 1/23/12 10:53 PM, Kurt Seifried wrote:
> On 01/20/2012 06:35 PM, Kurt Seifried wrote:
>> On 01/20/2012 01:42 AM, Agostino Sarubbo wrote:
>>> According to secunia advisory:
>>> https://secunia.com/advisories/47548/ :
>>> Description:
>>>
>>> Some vulnerabilities have been reported in spamdyke, which potentially can be 
>>> exploited by malicious people to compromise a vulnerable system.
>>>
>>> The vulnerabilities are caused due to boundary errors related to the incorrect 
>>> use of the "snprintf()" and "vsnprintf()" functions, which can be exploited to 
>>> cause buffer overflows.
>>>
>>> The vulnerabilities are reported in versions prior to 4.3.0.
>>>
>>>
>>> Solution
>>> Update to version 4.3.0.
>>>
>>>
>>> and from upstream changelog:
>>> http://www.spamdyke.org/documentation/Changelog.txt :
>>>
>>> Fixed a number of very serious errors in the usage ofc.
>>>     The return value was being used as the length of the string printed into
>>>     the buffer, but the return value really indicates the length of the string
>>>     that *could* be printed if the buffer were of infinite size. Because the
>>>     returned value could be larger than the buffer's size, this meant remotely
>>>     exploitable buffer overflows were possible, depending on spamdyke's
>>>     configuration.
>>>
>>> and from upstream mailing list:
>>> http://www.mail-archive.com/spamdyke-release@...mdyke.org/msg00014.html
>>>
>>> it also fixes a series of major bugs 
>>> that could lead to buffer overflows.  Depending on spamdyke's configuration, 
>>> these could cause remotely exploitable security holes.  Please upgrade 
>>> immediately!
>>>
>>> Please assign a CVE
>>>
>> Can you include some links to actual code commits? I want to prevent
>> duplicates and more information would aid in that.
>>
> Ugh so I downloaded (www.spamdyke.org/download.html) and diff'ed
> spamdyke 4.2.1 and 4.3.0 and checked for snprint/vsnprintf occurances
> being replaced, there's about 80 (all virtually identical fixes). I also
> checked 4.3.0 to 4.3.1, no more of those fixes, so it's safe to say this
> fix at least is largely confined to the 4.3.0 update.
>
> Please use CVE-2012-0802 for this issue.
>
>
>

-- 

It's not about what you know, but what is left to learn~

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.17 (GNU/Linux)

mQENBE6MJ20BCACsvXUqJyxwgr61LOdRVMmczLC5VHDBEaaCfx4AwSihQm6od14h
6IQJVyHSp5hQz73n9yOmLeAV51akUSNwUcV85Fjxa169MDut7mexir6YkTDrwSdW
BRvopP6EuJaLAJwdK0/++YRD9eu6YDPlMp50ceCr47Yy8W0BGTb7Z2CvGnNntr7U
ZkHR+ALdEQNyqSQ/NGxe7lfO+MVSi0W2eDaUtR6JmmZCWyDRWDsiOsl/q+QnIJ7r
s3flrDe57zMXkw2rdI6lWm745i9kOyg0+Jw0gQwy8oHh/4ktdboU6WLkv2N9eeMR
l1a0AZeTSuOfWrepTF1K22E++1NuN3Y5TGKvABEBAAG0MU1pY2hhZWwgUi4gSGFy
cmlzb24gKEN1cnJlbnQpIDxuMGlkeDgwQGdtYWlsLmNvbT6JAT4EEwECACgFAk6M
J20CGwMFCQHanAAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGcT+eUbMgJy
T94H/2F98ZYomipk30ZcEZa+MsqLRcBdIvUgfS43cSih2KlhsjWavwYTYANJG4k0
TImCpoJymmEK0aozlPqeP9eGTFrAM8HPnlBqMqTP5B0dPn2hGnxFwP1NLq4KiwgH
YM/j2QqTZGvCaq82OtG8FwGNHRCJu+buN3zJ/VZNj5b05USEPnl8w92r5V4gbRyL
HZsVyGnPDzTsBDqoKjpMcCVD4uXQWDM9jLk366zLM6ChzhEX02bmKrFqkNnb7rd0
gFGR8svA4uWc2w58zrbZdMTsXDTimHdUm2KU4Cz49UxmyXW+T3SIEtsH8WYlaL+2
SAk8zYMMb95WjwZwrFt2hhfMBoa5AQ0ETownbQEIALZJ5AbAwQd4qhkPRDmpvgW3
AZgMj/s20sBo6XiS9PF4iUYwdKbEGUbKuahHH4dP4lrAKO0telzaLW+PY7NKaQ1k
iLubuiqr7VD2j3bXXD1bvFdmG6w+R+S3jmgZs20Sj+z8472eXXHSokrO8/jolopb
1xzZGUUVlVoJ7dSYaByqxQgcQCxrCiF1xj3CN32m51LAmaCFnJkVYwRTzZpCcOkf
I4eF+d+0OYlCEH9VTwhYJKJMuRFJjPJqzCiJyYky7Y5GqaY2QNnSX2tzGpurR6IP
HW/ZR4SFcnlL8HvHvT6+KVjfItS1M9ybTsXdf8Hl6BGkng+AO/bJKI2f3z2MXP0A
EQEAAYkBJQQYAQIADwUCTownbQIbDAUJAdqcAAAKCRBnE/nlGzICclJlCAChlNrr
CeZ3dzj/FrKQFozovCvgYV8GK83BHB3nBAsoOllvEzjmYbqIuCbbxWT5Dl5uatez
jV7mrfobmnKTsSCGy9WbLc54djiRRcHXpHCeIOCEt8RL85VLim91842Zxw7wTnB0
CfPM77scCvpekkzFaUj/yWxd6lzugKZ60AmuUxLWxzxPl+tcgRKCQT1XMe+EzyEd
yAObBp+Pyk8WAWth+mecxJ131AruPzKwTrvzyyQVaa7qwJzgkwOVKpTwHzvLUQqX
bPj3ZpIt4C0FLc5x91BYAXlt7rk5q3RZajBca+bODlAOJpU4fQs4ln+ZGt3sdTt4
HvFqkFebN/ZH/wWf
=Wk3z
-----END PGP PUBLIC KEY BLOCK-----



[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ