lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070218051226.17827.qmail@securityfocus.com>
Date: 18 Feb 2007 05:12:26 -0000
From: hotturk@...et.com
To: bugtraq@...urityfocus.com
Subject: qwik-smtpd format string

Advisory          : H0tTurk-
Product           : qwik-smtpd (latest version).
Vendor            : http://qwikmail.sourceforge.net/
Bug           : format string vulnerability
Vendor Status     : Released Patch. http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch 

------------------------------------------------------------------------------------------------------------

It is an SMTP (mail) server that supports SMTP and ESMTP. Once finished,
it will be very secure, hopefully with the same reputation as qmail.
-------------------------------------------------

I found format string bug in Qwik-SMTP daemon.
See this:

File: qwik-smtpd.c

sprintf(Received,"Received: from %s (TURK %s) (%s) by %s with SMTP; %s\n", clientHost,
clientHelo, clientIP, localHost, timebuf);
...
          else
          {
            fprintf(fpout,Received);
....

As you can see, bug found in main() function. This type is REMOTE.
We don't want to release an exploit to avoid kids usage.

Spc Thx:
Drmaxvirus,Gencturk,&#304;lkerkandemir,TiT,LuciferCihan,madconfig,tr-zindan,Theghost,SAWTURK,Ambassador,RidvanCihan,Crackers_Child,Kurtefendy,And Ayyildiz Vip TiM User,Soldiers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ