.:: Security Advisory ::.
                  by unl0ck team [http://unl0ck.host.kz]
                               _  _     ___  _  __  _  _
             |  |  _  |  _   _  |/       |  |_ |__| |\/|
             |__| | | | |_| |_ _|\_      |  |_ |  | |  |


Advisory: #4 by unl0ck team
Bug: buffer overflow (sybase) and maybe SQL injection
Product: vpopmail <= 5.4.2 (sybase vulnerability)
Author: Werro [werro@list.ru]
Release Date : 12/08/04
Risk: Low
Vendor status: Vendor is in a big shit :)
Reference: http://unl0ck.host.kz/advisories.php


Overview:
vpopmail is a set of programs for creating and managing
multiple virtual domains on a qmail server.

Details:
Bugs were found in the Sybase backend, in the vsybase.c file.

-------------------\
 char dirbuf[156];  \__Vulnerability___________________________________________________
 ...                                                                                   |
 if ( strlen(dir) > 0 )                                                                |
 {                                                                                     |
 sprintf(dirbuf,"%s/%s/%s", dom_dir,dir,user);                                         |
 ^^^^^^^ - buffer overflow                                                             |
 }else{                                                                                |
 sprintf(dirbuf, "%s/%s", dom_dir, user);                                              |
 ^^^^^^^ - buffer overflow                                                             |
 }                                                                                     |
 ...                                                                                   |
                                         ______________________________________________|
----------------------------------------/

To avoid these bugs, use snprintf() bounded by the size of dirbuf instead of sprintf().
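As an added illustration (not code from the vpopmail project or from the advisory), the same path construction written with snprintf() plus an explicit truncation check; the domain directory and user names are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

#define DIRBUF_SIZE 156   /* same size as dirbuf in the vsybase.c snippet above */

/* Build "<dom_dir>/<dir>/<user>" (or "<dom_dir>/<user>" when dir is empty)
 * into a caller-supplied buffer of bufsize bytes.  snprintf() never writes
 * past bufsize and returns the length the full string would have had, so a
 * result >= bufsize means truncation.  Returns 0 on success, -1 if the path
 * does not fit; a truncated path is never handed back to the caller. */
int build_user_dir(char *dirbuf, size_t bufsize,
                   const char *dom_dir, const char *dir, const char *user)
{
    int n;
    if (strlen(dir) > 0)
        n = snprintf(dirbuf, bufsize, "%s/%s/%s", dom_dir, dir, user);
    else
        n = snprintf(dirbuf, bufsize, "%s/%s", dom_dir, user);
    if (n < 0 || (size_t)n >= bufsize) {
        dirbuf[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed sample domain directory (hypothetical, not from the page). */
static const char *DOM_DIR = "/home/vpopmail/domains/example.com";

/* Short names fit: returns 1 when the path is built as expected. */
int demo_short_name_fits(void)
{
    char dirbuf[DIRBUF_SIZE];
    return build_user_dir(dirbuf, sizeof dirbuf, DOM_DIR, "", "alice") == 0
        && strcmp(dirbuf, "/home/vpopmail/domains/example.com/alice") == 0;
}

/* A 300-byte user name would have overrun the 156-byte dirbuf with sprintf();
 * here it is rejected and the buffer left empty.  Returns 1 when rejected. */
int demo_long_name_rejected(void)
{
    char dirbuf[DIRBUF_SIZE];
    char longuser[300];
    memset(longuser, 'a', sizeof longuser - 1);
    longuser[sizeof longuser - 1] = '\0';
    return build_user_dir(dirbuf, sizeof dirbuf, DOM_DIR, "sub", longuser) == -1
        && dirbuf[0] == '\0';
}

int main(void)
{
    printf("short: %d long: %d\n", demo_short_name_fits(), demo_long_name_rejected());
    return 0;
}
```

The check on the snprintf() return value is the part that matters: without it the call is memory-safe but can silently hand back a shortened directory path.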

12/08/04.
(c) by unl0ck team.
http://unl0ck.host.kz/