SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (E-mail Server)  >   spamGuard Vendors:   EnderUNIX SDT
spamGuard Multiple Buffer Overflows May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1010342
SecurityTracker URL:  http://securitytracker.com/id/1010342
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 30 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.7-BETA
Description:   Some buffer overflow vulnerabilities were reported in spamGuard. A remote user may be able to execute arbitrary code on the target system.

The vendor reported that a remote user can trigger buffer overflows in the qmail_parseline() and and sendmail_parseline() functions in 'parser.c'. The vendor also reported that the loadconfig() and removespaces() functions in 'loadconfig.c' contain overflows.

Impact:   A remote user may be able to execute arbitrary code on the target system.
Solution:   The vendor released a fixed version (1.7-BETA), available at:

http://www.enderunix.org/spamguard/spamguard-1.7-BETA.tar.gz

Vendor URL:  www.enderunix.org/spamguard/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  EnderUNIX Security Anouncement (Isoqlog and Spamguard)



--Kj7319i9nmIyA2yE
Content-Type: text/plain; charset=unknown-8bit
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


______________________________________________________________
Package		 	: isoqlog
Date   		 	:=09
Affected products	: isoqlog is available
			  for a wide variety of products,
			  and distrubuted as a FreeBSD=20
			  port/package.
Vulnerability type	: both local and remote




1. Isoqlog

Isoqlog is an MTA log analysis program written in C. It designed=20
to scan qmail, postfix, sendmail and exim logfile and produce=20
usage statistics in HTML format for viewing through a browser.=20
It produces Top domains output according to Sender, Receiver,=20
Total mails and bytes; it keeps your main domain mail statistics=20
with regard to Days Top Domain, Top Users values for per day,=20
per month and years.=20



2. Problem Description
   There are several stack and heap overflows in several routines in
   Parser.c, loadconfig.c, LandCfg.c, Dir.c and Html.c files.


   2.1 Parser.c
	There are several remote buffer overflows in parseQmailFromBytesLine,
	parseQmailToRemoteLine, parseQmailToLocalLine, parseSendmailFromBytesLine,
	parseSendmailToLine, parseEximFromBytesLine, parseEximToLine functions.

	There are several local buffer overflows in lowercase and check_syslog_date
	functions.

   2.2 loadconfig.c
	loadconfig and removespaces function has some code which result in
        buffer overflows.

   2.3 LangCfg.c
	loadLang function has some code which result in buffer overflows.

   2.4 Html.c has some functions which doesn't do bounds checking.


   2.5 Dir.c has some code which result in local buffer overflows.


3. Solution
   Those who are using isoqlog 2.1.1 and isoqlog-devel before May 16, 2004
   should download and install isoqlog 2.2.

   Package source can be downloaded from
=09
	http://www.enderunix.org/isoqlog/isoqlog-2.2.tar.gz


4. Contact

   Please feel free to contact bug-report % enderunix dot org for anything.


5. THANKS
  =20
   Nicolas Fran=E7ois for reporting check_syslog_date bug on "May 15, 2004!=
!!"
   on isoqlog mailing list.



______________________________________________________________
Package		 	: spamguard
Date   		 	:=09
Affected products	: spamguard is available
			  for a wide variety of products,
			  and distrubuted as a FreeBSD=20
			  port/package.
Vulnerability type	: both local and remote


1. spamguard
spamGuard scans your MTA log files within fixed intervals, which=20
can be defined by yourself, say 10 minutes, and if an expression
" from " is matched more than a predefined value, which is of=20
course can be cofigured by yourself, spamGuard adds the mail=20
address to $BADMAILER file. Therefore any further mails by this=20
user will be rejected by your MTA.


2. Problem Description
   There are several stack and heap overflows in several routines in
   parser.c, functions.c loadconfig.c, files.


   2.1 parser.c
	There are several remote buffer overflows in qmail_parseline
        and sendmail_parseline functions.

   2.2 loadconfig.c
	loadconfig and removespaces function has some code which result in
        buffer overflows.

3. Solution
   Those who are using spamguard 1.6 and spamguard-devel before May 16, 2004
   should download and install spamguard 1.7-BETA.

   Package source can be downloaded from
=09
	http://www.enderunix.org/spamguard/spamguard-1.7-BETA.tar.gz


4. Contact

   Please feel free to contact bug-report % enderunix dot org for anything.



				<-- Thougts -->

   "Destroying something good has always been damn easy compared to creating
    new work which obsiously requires much more knowledge, talent and brain=
!".

   This part is dedicated to those newbie lamers vomitting idiotic exploits=
 which=20
   need to be run as root to get root ;).

   Turkish people, especially kidz @ core.gen.tr and karatakke.org should r=
ead=20
   this:

   http://www.enderunix.org/isoqlog/advisory-extension.txt


--=20
 Duydunuz mu! Turkiye'nin ilk FreeBSD kitabi cikti.
 http://www.acikkod.com/freebsd.php


--Kj7319i9nmIyA2yE
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAt8UVnSyJpGtSn0IRAgUvAJ9nLsLckgkZF0F30L8qpORmReY++QCfQ1ji
DpKOxEbZFqh0PYTDsyl6vak=
=u/SX
-----END PGP SIGNATURE-----

--Kj7319i9nmIyA2yE--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC