exploit the possibilities

Echo Security Advisory 2006.42

Echo Security Advisory 2006.42
Posted Aug 18, 2006
Authored by Echo Security, Dedi Dwianto | Site advisories.echo.or.id

Eremove version 1.4 is susceptible to a denial of service condition.

tags | advisory, denial of service
MD5 | 4848dc2054f7bfcaf4246173f34d4130

Echo Security Advisory 2006.42

Change Mirror Download
\_   _____/\_   ___ \ /   |   \\_____  \
| __)_ / \ \// ~ \/ | \
| \\ \___\ Y / | \
/_______ / \______ /\___|_ /\_______ /
\/ \/ \/ \/

.OR.ID
ECHO_ADV_42$2006

---------------------------------------------------------------------------
[ECHO_ADV_42$2006] BufferOverflow in Eremove Client
---------------------------------------------------------------------------

Author : Dedi Dwianto
Date : Aug, 01st 2006
Location : Indonesia, Jakarta
Web : http://advisories.echo.or.id/adv/adv42-theday-2006.txt
Exploitation : Local
Critical Lvl : High
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Application : Eremove
version : 1.4
URL : http://eremove.sourceforge.net/
Description :
Eremove is a simple application for linux, based on GTK, for logging into
a POP3 mail account, quickly seeing a summary of everything that is there
waiting for you, and previewing/deleteing some or all of those emails painlessly.

---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~~~
The function priview_create used by Eremove is affected by a buffer-overflow
vulnerability which happens when it tries to store the exceeding data
available in the input email in the message_body buffer of only 65534 bytes.

------------------gui.cpp-----------------------------
.....
gint preview_create (int message_num) {
...
GtkWidget *hbox;
GtkWidget *vscrollbar;
char *tmp_pntr;
char tmp_str[255];
char buf[65534];
char message_body[65534];
gint i;
...
}
if (!find_header_field("Date", buf, &date)) {
date = (char *) malloc(strlen("unspecified")*sizeof(char));
strcpy(date, "unspecified");
}
strcpy(message_body, buf);
...
----------------------------------------------------------

POC:
~~~~
Send EMail with Attachment more than 100 KB
and Openwith eremove.
Eremove will be crash.
---------------------------------------------------------------------------
Shoutz:
~~~~~~~

~ y3dips,moby,comex,z3r0byt3,K-159,c-a-s-e,S`to,lirva32,anonymous
~ My Lovely Jessy
~ newbie_hacker@yahoogroups.com
~ #aikmel #e-c-h-o @irc.dal.net
~ SUPPORT PALESTINE & LEBANON
---------------------------------------------------------------------------
Contact:
~~~~~~~~

Dedi Dwianto || echo|staff || the_day[at]echo[dot]or[dot]id
Homepage: http://theday.echo.or.id/

-------------------------------- [ EOF ] ----------------------------------

Login or Register to add favorites

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close