• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Michael Krax log2mail Remote Buffer Overflow Vulnerability

A remotely exploitable buffer overflow has been discovered in the log2mail daemon. By generating a malicious log entry, it is possible for a remote attacker to overrun a static buffer in log2mail, potentially resulting in the corruption of sensitive memory values.

By exploiting this vulnerability, it may be possible to overwrite sensitive memory variables with attacker-supplied values, resulting in the execution of arbitrary code with the privileges of the daemon.

This vulnerability was reported in log2mail v0.2.5. It is not yet known if this issue affects earlier versions.