From: kostya.kortchinsky at (Kostya Kortchinsky)
Subject: eMule v0.42d Buffer Overflow

eMule v0.42d Buffer Overflow


A vulnerability exists in eMule v0.42d (and probably earlier versions)
in the DecodeBase16(...) function. This function takes a hexadecimal
string, its length, and a destination buffer (on the stack) as
parameters. The function decodes whatever is supplied: no length check
is performed on the string or on the buffer, leading to a possible
stack overflow.

The function is called 5 times in the code: 3 times in the web server
(which may require authentication) and 2 times in the IRC client (not
connected by default).

  uchar userid[16];

Proof of concept

Bourriquet is an mIRC alias exploiting this overflow in v0.42d via the
SENDLINK command. It calls MessageBoxA (to display 'Patch your eMule !')
and then ExitProcess:

/bourriquet { .quote PRIVMSG $1


Developer response

The flaw was reported to bluecow from the eMule Team on March 30th,
2004 on IRC. He stated the issue would be patched in the upcoming eMule
release, available here:

An effort was also made to change the IRC server address and kick
out vulnerable clients (nice work :)


The following options are available:
- upgrade to eMule version 0.42e,
- do not use the eMule web server and IRC client,
- uninstall eMule :)


The vulnerability was discovered by Kostya Kortchinsky, from CERT
RENATER, on March 24th 2004, following an FHP meeting and a remark from
nico: "eMule and all these P2P tools are better than VNC to get remote
access to a box".

Greetings to the people of the French Honeynet Project, MISC Magazine


CanSecWest/core04 : Top security experts. Cutting edge techniques and
  Vancouver, Canada - April 21-23 2004 -

Symposium sur la Sécurité des Technologies de l'Information et des
  Rennes, France - June 2-4 2004 -

See you there,
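
The missing length check described in the advisory above, shown from the fixing side: an added example, not eMule's code and not from the original post. The function decode_base16_checked, its out_cap parameter and the sample inputs are hypothetical; it refuses any hex string that would not fit a 16-byte stack buffer such as userid[16].

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical hardened decoder (not eMule's code): the caller passes the
 * capacity of out, and nothing is written unless the whole input is valid
 * and fits. Returns the number of bytes decoded, or -1 if rejected. */
static int decode_base16_checked(const char *hex, size_t hex_len,
                                 unsigned char *out, size_t out_cap)
{
    if (hex == NULL || out == NULL) return -1;
    if (hex_len % 2 != 0) return -1;                 /* odd digit count */
    if (hex_len / 2 > out_cap || hex_len / 2 > INT_MAX) return -1; /* too long */

    for (size_t i = 0; i < hex_len; i++)             /* validate first */
        if (hex_val(hex[i]) < 0) return -1;

    for (size_t i = 0; i < hex_len / 2; i++)
        out[i] = (unsigned char)((hex_val(hex[2 * i]) << 4) |
                                 hex_val(hex[2 * i + 1]));
    return (int)(hex_len / 2);
}

/* Constructed demo: decode into a 16-byte stack buffer like userid[16]. */
static int demo_decode(const char *hex)
{
    unsigned char userid[16];
    return decode_base16_checked(hex, strlen(hex), userid, sizeof userid);
}

int main(void)
{
    /* Constructed inputs: exactly 16 bytes, then one byte too many. */
    printf("%d\n", demo_decode("00112233445566778899aabbccddeeff"));
    printf("%d\n", demo_decode("00112233445566778899aabbccddeeff00"));
    return 0;
}
```

Validating every digit before the first write means a rejected input leaves the destination untouched, so callers never see a partially decoded buffer.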

