[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2008-id Request -- ssmtp -- standardise() --
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2010-08-02 19:24:06
Message-ID: Pine.GSO.4.64.1008021523490.12961 () faron ! mitre ! org
[Download RAW message or body]
> ----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
>
>> Hi Steve, vendors,
>>
>> Brendan Boerner reported:
>> [1] https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424
>>
>> a deficiency in the way ssmtp removed trailing '\n' sequence
>> by processing lines beginning with a leading dot. A local user,
>> could send a specially-crafted e-mail message via ssmtp send-only
>> sendmail emulator, leading to ssmtp executable denial of service (exit
>> with:
>> ssmtp: standardise() -- Buffer overflow). Different vulnerability
>> than CVE-2008-3962.
Use CVE-2008-7258
- Steve
>> References:
>> [2] https://bugzilla.redhat.com/show_bug.cgi?id=582236
>> [3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3962
>> [4] http://patch-tracker.debian.org/package/ssmtp/2.62-3
>> [5]
>> http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041012.html
>> [6]
>> http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041009.html
>> [7]
>> http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041119.html
>>
>> Debian Linux distribution patch:
>> [8]
>> http://patch-tracker.debian.org/patch/series/view/ssmtp/2.62-3/345780-standardise-bufsize
>>
>> Public PoC (from
>> https://bugzilla.redhat.com/show_bug.cgi?id=582236#c0):
>> [9] ( 0. Install & configure ssmtp, of course )
>> 1. (echo -n . ; for i in {1..2050} ; do echo -n $i ; done) |
>> mail root
>>
>> Couldn't find CVE-2008-XXXX ssmtp identifier for this
>> (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ssmtp).
>>
>> Steve, could you allocate one?
>>
>> Thanks && Regards, Jan.
>> --
>> Jan iankko Lieskovsky / Red Hat Security Response Team
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic