BugTraq
Back to list
|
Post reply
vpopmail <= 5.4.2 (sybase vulnerability)
Aug 17 2004 10:44AM
Jérôme ATHIAS (jerome athias caramail com)
(1 replies)
Bug: format string and buffer overflow (sybase)
Product: vpopmail <= 5.4.2 (sybase vulnerability)
Author: Werro [werro (at) list (dot) ru [email concealed]]
Realease Date : 12/08/04
Risk: Low
Vendor status: Vendor is in a big shit :)
Reference: http://web-hack.ru/unl0ck/advisories/
Overview:
vpopmail is a set of programs for creating and managing
multiple virtual domains on a qmail server.
Details:
Bugs were founded in SyBase. In vsybase.c file.
------------------- char dirbuf[156]; \__Vulnerability___________________________________________________
... |
if ( strlen(dir) > 0 ) |
{ |
sprintf(dirbuf,"%s/%s/%s", dom_dir,dir,user); |
^^^^^^^ - buffer overflow |
}else{ |
sprintf(dirbuf, "%s/%s", dom_dir, user); |
^^^^^^^ - buffer overflow |
} |
... |
|
if ( site_size == LARGE_SITE ) { |
sprintf( SqlBuf, LARGE_INSERT, domstr, |
user, pass, pop, gecos, dirbuf, quota); |
^^^^^^^ - format string |
} else { |
sprintf( SqlBuf, SMALL_INSERT, |
SYBASE_DEFAULT_TABLE, user, domain, pass, pop, gecos, dirbuf, quota); |
} ^^^^^^^ - format string ______________________________________________|
----------------------------------------/
Two vulnerability : format string and buffer overflow.
Latest Version is Vulnerable.
To avoid this bugs, you must use snprintf() with format like "%s".
12/08/04.
(c) by unl0ck team.
http://web-hack.ru/unl0ck
[ reply ]
[2Cents on] vpopmail <= 5.4.2 (sybase vulnerability)
Aug 18 2004 10:47AM
bugtraq beyondsecurity com
Privacy Statement
Copyright 2010, SecurityFocus
Bug: format string and buffer overflow (sybase)
Product: vpopmail <= 5.4.2 (sybase vulnerability)
Author: Werro [werro (at) list (dot) ru [email concealed]]
Realease Date : 12/08/04
Risk: Low
Vendor status: Vendor is in a big shit :)
Reference: http://web-hack.ru/unl0ck/advisories/
Overview:
vpopmail is a set of programs for creating and managing
multiple virtual domains on a qmail server.
Details:
Bugs were founded in SyBase. In vsybase.c file.
------------------- char dirbuf[156]; \__Vulnerability___________________________________________________
... |
if ( strlen(dir) > 0 ) |
{ |
sprintf(dirbuf,"%s/%s/%s", dom_dir,dir,user); |
^^^^^^^ - buffer overflow |
}else{ |
sprintf(dirbuf, "%s/%s", dom_dir, user); |
^^^^^^^ - buffer overflow |
} |
... |
|
if ( site_size == LARGE_SITE ) { |
sprintf( SqlBuf, LARGE_INSERT, domstr, |
user, pass, pop, gecos, dirbuf, quota); |
^^^^^^^ - format string |
} else { |
sprintf( SqlBuf, SMALL_INSERT, |
SYBASE_DEFAULT_TABLE, user, domain, pass, pop, gecos, dirbuf, quota); |
} ^^^^^^^ - format string ______________________________________________|
----------------------------------------/
Two vulnerability : format string and buffer overflow.
Latest Version is Vulnerable.
To avoid this bugs, you must use snprintf() with format like "%s".
12/08/04.
(c) by unl0ck team.
http://web-hack.ru/unl0ck
[ reply ]