what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ZRCSA-200505.txt

ZRCSA-200505.txt
Posted Dec 18, 2005
Authored by Mehdi Oudad aka deepfear | Site zone-h.fr

Zone-H Research Center Security Advisory 200505 - libremail versions 1.1.0 and below suffer from a format string vulnerability in pop.c.

tags | advisory
SHA-256 | b6ff9cf50ae72c4f53c4a8ac284424356a16b8dc36e32a1f0d328455c5dae5a3

ZRCSA-200505.txt

Change Mirror Download
Zone-H Research Center Security Advisory 200505
http://www.zone-h.fr

Date of release: 16/12/2005
Software: libremail (http://libremail.tuxfamily.org/en/)
Affected versions: <= 1.1.0
Risk: Low/Medium
Discovered by: Mehdi Oudad "deepfear" from the Zone-H Research Team

Background
----------
libremail is a set of command line mail tools, it includes several clients, and allows to filter mails.

from http://libremail.tuxfamily.org/en/trad.htm :
This web site is intended to present to you the whole part of applications of electronic mail I developed.

These softwares functions under GNU/Linux and should normaly run without any modification under the other UNIX systems.
On the other hand, I did not consider it useful (and a fortiori priority) to adapt these applications to make them run also under Windows.

Details
-------
There is a format string vulnerability in pop.c:

[...]
void lire_pop ()
{
int posbuf;


// initialisation
posbuf = 0;

// lecture jusqu'en fin de ligne ou de buffer
do
recv (sockfd, buf_lect + posbuf, 1, 0);
while (buf_lect [posbuf++] != '\n' && posbuf < sz_buflect);

// terminer la chaine de caractères lue (on supprime \r\n)
if (posbuf > 1 && buf_lect [posbuf - 2] == '\r')
buf_lect [posbuf - 2] = '\0';
else
buf_lect [posbuf - 1] = '\0';

#ifdef DEBUG
putchar ('<');
printf (buf_lect);
#endif
}

It could be exploited by tricking a user into connecting to a malicious pop server, or by sending a malicious mail (if the user reads it through a pop server), however it requires that debug mode is activated (not default setting).

Solution
---------
The vendor has published updated sources:
http://libremail.tuxfamily.org/en/dersources.htm

They will also be included in an upcoming version (with other bugfixes and new features).

--
Original advisories:
English version: Check Zone-H.org (off atm)
French: http://www.zone-h.fr/fr/advisories/read/id=733
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close