WARNING! Fake news / Disputed / BOGUS

ssmtp 2.62 standardise() Buffer overflow

2010.08.24
Risk: High
Local: Yes
Remote: No
CWE: CWE-20


CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Brendan Boerner reported: [1] https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424 a deficiency in the way ssmtp removed trailing '\n' sequence by processing lines beginning with a leading dot. A local user, could send a specially-crafted e-mail message via ssmtp send-only sendmail emulator, leading to ssmtp executable denial of service (exit with: ssmtp: standardise() -- Buffer overflow). Different vulnerability than CVE-2008-3962. References: [2] https://bugzilla.redhat.com/show_bug.cgi?id=582236 [3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3962 [4] http://patch-tracker.debian.org/package/ssmtp/2.62-3 [5] http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041012.html [6] http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041009.html [7] http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041119.html Debian Linux distribution patch: [8] http://patch-tracker.debian.org/patch/series/view/ssmtp/2.62-3/345780-standardise-bufsize Public PoC (from https://bugzilla.redhat.com/show_bug.cgi?id=582236#c0): [9] ( 0. Install & configure ssmtp, of course ) 1. (echo -n . ; for i in {1..2050} ; do echo -n $i ; done) | mail root Couldn't find CVE-2008-XXXX ssmtp identifier for this (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ssmtp). Steve, could you allocate one? Thanks && Regards, Jan.

References:

http://patch-tracker.debian.org/patch/series/view/ssmtp/2.62-3/345780-standardise-bufsize
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-7258
https://bugzilla.redhat.com/show_bug.cgi?id=582236
https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424
http://www.securityfocus.com/bid/41965
http://www.openwall.com/lists/oss-security/2010/08/19/6
http://marc.info/?l=oss-security&m=128077707318085&w=2
http://marc.info/?l=oss-security&m=128017258305041&w=2
http://marc.info/?l=oss-security&m=128013391907262&w=2
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045422.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045407.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top