[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-2008-id Request -- ssmtp -- standardise() --
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2010-08-02 19:24:06
Message-ID: Pine.GSO.4.64.1008021523490.12961 () faron ! mitre ! org
[Download RAW message or body]


> ----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
>
>> Hi Steve, vendors,
>>
>>    Brendan Boerner reported:
>>    [1] https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424
>>
>> a deficiency in the way ssmtp removed trailing '\n' sequence
>> by processing lines beginning with a leading dot. A local user,
>> could send a specially-crafted e-mail message via ssmtp send-only
>> sendmail emulator, leading to ssmtp executable denial of service (exit
>> with:
>> ssmtp: standardise() -- Buffer overflow). Different vulnerability
>> than CVE-2008-3962.


Use CVE-2008-7258

- Steve



>> References:
>>    [2] https://bugzilla.redhat.com/show_bug.cgi?id=582236
>>    [3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3962
>>    [4] http://patch-tracker.debian.org/package/ssmtp/2.62-3
>>    [5]
>> http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041012.html
>>    [6]
>> http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041009.html
>>    [7]
>> http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041119.html
>>
>> Debian Linux distribution patch:
>>    [8]
>> http://patch-tracker.debian.org/patch/series/view/ssmtp/2.62-3/345780-standardise-bufsize
>>
>> Public PoC (from
>> https://bugzilla.redhat.com/show_bug.cgi?id=582236#c0):
>>    [9] ( 0. Install & configure ssmtp, of course )
>>          1. (echo -n . ; for i in {1..2050} ; do echo -n $i ; done) |
>> mail root
>>
>> Couldn't find CVE-2008-XXXX ssmtp identifier for this
>> (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ssmtp).
>>
>> Steve, could you allocate one?
>>
>> Thanks && Regards, Jan.
>> --
>> Jan iankko Lieskovsky / Red Hat Security Response Team
>
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic