.:: Security Advisory ::. by unl0ck team [http://unl0ck.host.kz] _ _ ___ _ __ _ _ | | _ | _ _ |/ | |_ |__| |\/| |__| | | | |_| |_ _|\_ | |_ | | | | Advisory: #4 by unl0ck team Bug: buffer overflow (sybase) and maybe SQL injection Product: vpopmail <= 5.4.2 (sybase vulnerability) Author: Werro [werro@list.ru] Realease Date : 12/08/04 Risk: Low Vendor status: Vendor is in a big shit :) Reference: http://unl0ck.host.kz/advisories.php Overview: vpopmail is a set of programs for creating and managing multiple virtual domains on a qmail server. Details: Bugs were founded in SyBase. In vsybase.c file. -------------------\ char dirbuf[156]; \__Vulnerability___________________________________________________ ... | if ( strlen(dir) > 0 ) | { | sprintf(dirbuf,"%s/%s/%s", dom_dir,dir,user); | ^^^^^^^ - buffer overflow | }else{ | sprintf(dirbuf, "%s/%s", dom_dir, user); | ^^^^^^^ - buffer overflow | } | ... | ______________________________________________| ----------------------------------------/ To avoid this bugs, you must use snprintf(). 12/08/04. (c) by unl0ck team. http://unl0ck.host.kz/