|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
ssmtp insecure file creation
priestmaster
sms.at
Date: Sun Apr 18 2004 - 14:12:34 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
ssmtp 2.50.6 create a logfile /tmp/ssmtp.log. The data in this logfile
is user specified. It's possible to overwrite any file with
the permissons of the ssmtp program (normally root). The
vulnerable call is in log_event. log_event vulnerable call:
#ifdef LOGFILE
if((fp = fopen("/tmp/ssmtp.log", "a")) != (FILE *)NULL) {
(void)fprintf(fp, "%s\\n", buf);
(void)fclose(fp);
I think, that all versions of ssmtp are vulnerable to this bug.
Have a nice day,
priestpriestmaster.org
http://www.priestmaster.org
--
Ein Service von http://www.sms.at
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]