vpopmail buffer overflow.
f116602f612187fc55d17e743bd4ec6b3c757a7b600bb9d8bc70901856407383
.:: Security Advisory ::.
by unl0ck team [http://unl0ck.host.kz]
_ _ ___ _ __ _ _
| | _ | _ _ |/ | |_ |__| |\/|
|__| | | | |_| |_ _|\_ | |_ | | | |
Advisory: #4 by unl0ck team
Bug: buffer overflow (sybase) and maybe SQL injection
Product: vpopmail <= 5.4.2 (sybase vulnerability)
Author: Werro [werro@list.ru]
Realease Date : 12/08/04
Risk: Low
Vendor status: Vendor is in a big shit :)
Reference: http://unl0ck.host.kz/advisories.php
Overview:
vpopmail is a set of programs for creating and managing
multiple virtual domains on a qmail server.
Details:
Bugs were founded in SyBase. In vsybase.c file.
-------------------\
char dirbuf[156]; \__Vulnerability___________________________________________________
... |
if ( strlen(dir) > 0 ) |
{ |
sprintf(dirbuf,"%s/%s/%s", dom_dir,dir,user); |
^^^^^^^ - buffer overflow |
}else{ |
sprintf(dirbuf, "%s/%s", dom_dir, user); |
^^^^^^^ - buffer overflow |
} |
... |
______________________________________________|
----------------------------------------/
To avoid this bugs, you must use snprintf().
12/08/04.
(c) by unl0ck team.
http://unl0ck.host.kz/