qwik-smtpd suffers from a format string vulnerability.
31f43ed4c5a1af5c2ef7a2897415d7826d7f253f928e6ada59380e75d590f6ccAdvisory : H0tTurk-
Product : qwik-smtpd (latest version).
Vendor : http://qwikmail.sourceforge.net/
Bug : format string vulnerability
Vendor Status : Released Patch. http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch
------------------------------------------------------------------------------------------------------------
It is an SMTP (mail) server that supports SMTP and ESMTP. Once finished,
it will be very secure, hopefully with the same reputation as qmail.
-------------------------------------------------
I found format string bug in Qwik-SMTP daemon.
See this:
File: qwik-smtpd.c
sprintf(Received,"Received: from %s (TURK %s) (%s) by %s with SMTP; %s\n", clientHost,
clientHelo, clientIP, localHost, timebuf);
...
else
{
fprintf(fpout,Received);
....
As you can see, bug found in main() function. This type is REMOTE.
We don't want to release an exploit to avoid kids usage.
Spc Thx:
Drmaxvirus,Gencturk,İlkerkandemir,TiT,LuciferCihan,madconfig,tr-zindan,Theghost,SAWTURK,Ambassador,RidvanCihan,Crackers_Child,Kurtefendy,And Ayyildiz Vip TiM User,Soldiers
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed