| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 17 Aug 2004 10:44:52 -0000
From: "Jérôme" ATHIAS <jerome.athias@...amail.com>
To: bugtraq@...urityfocus.com
Subject: vpopmail <= 5.4.2 (sybase vulnerability)
Bug: format string and buffer overflow (sybase)
Product: vpopmail <= 5.4.2 (sybase vulnerability)
Author: Werro [werro@...t.ru]
Realease Date : 12/08/04
Risk: Low
Vendor status: Vendor is in a big shit :)
Reference: http://web-hack.ru/unl0ck/advisories/
Overview:
vpopmail is a set of programs for creating and managing
multiple virtual domains on a qmail server.
Details:
Bugs were founded in SyBase. In vsybase.c file.
-------------------\
char dirbuf[156]; \__Vulnerability___________________________________________________
... |
if ( strlen(dir) > 0 ) |
{ |
sprintf(dirbuf,"%s/%s/%s", dom_dir,dir,user); |
^^^^^^^ - buffer overflow |
}else{ |
sprintf(dirbuf, "%s/%s", dom_dir, user); |
^^^^^^^ - buffer overflow |
} |
... |
|
if ( site_size == LARGE_SITE ) { |
sprintf( SqlBuf, LARGE_INSERT, domstr, |
user, pass, pop, gecos, dirbuf, quota); |
^^^^^^^ - format string |
} else { |
sprintf( SqlBuf, SMALL_INSERT, |
SYBASE_DEFAULT_TABLE, user, domain, pass, pop, gecos, dirbuf, quota); |
} ^^^^^^^ - format string ______________________________________________|
----------------------------------------/
Two vulnerability : format string and buffer overflow.
Latest Version is Vulnerable.
To avoid this bugs, you must use snprintf() with format like "%s".
12/08/04.
(c) by unl0ck team.
http://web-hack.ru/unl0ck
Powered by blists - more mailing lists