[Full-Disclosure] Re: Lame crash in qmail-smtpd
From: David Jez (dave.jez seznam.cz)
Date: Tue Jan 20 2004 - 02:16:43 CST
Hello guys
> [...]
>
> The problem is in:
> void blast(hops)
> int *hops;
> ...
> int pos; /* number of bytes since most recent \n, if fih */
> ...
> if (pos < 9) {
> if (ch != "delivered"[pos]) if (ch != "DELIVERED"[pos])
> flagmaybez = 0; ...
> ++pos;
> ...
I think this isn't a serious security problem, because generally this kind
of overflow (a nondeterministic, uncontrolled random read from a
random address) is not exploitable. It can only be a "logical
bug". I think that the best fix is the following patch (or to die with another
funny message like "go away", etc.).
Regards,
--
-------------------------------------------------------
David "Dave" Jez Brno, CZ, Europe
E-mail: dave.jez
seznam.cz
PGP key: finger xjezda00
eva.fit.vutbr.cz
---------=[ ~EOF ]=------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- text/plain attachment: qmail-1.03-hops-fix.diff
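An added example, not part of the original post and not the attached qmail-1.03-hops-fix.diff (which this page does not show): one way to make the quoted check safe, assuming the bad index arises when the `int` counter `pos` leaves its valid range on a very long line. The names `next_pos`, `prefix_byte_ok`, `count_delivered` and the `start_pos` parameter are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define PREFIX_LEN 9 /* strlen("delivered") */

/* Line-position counter that saturates instead of wrapping negative. */
static int next_pos(int pos)
{
    return pos < INT_MAX ? pos + 1 : INT_MAX;
}

/* Index the comparison strings only when pos is provably inside them. */
static int prefix_byte_ok(int pos, int ch)
{
    if (pos < 0 || pos >= PREFIX_LEN)
        return 0;
    return ch == "delivered"[pos] || ch == "DELIVERED"[pos];
}

/* Count lines starting with "delivered" (either case per byte, like the
 * quoted compare). start_pos is a hypothetical parameter: the counter value
 * carried in from earlier input, so an over-long line can be simulated. */
static int count_delivered(const char *buf, size_t len, int start_pos)
{
    int pos = start_pos, maybe = (start_pos == 0), hits = 0;
    size_t i;

    for (i = 0; i < len; i++) {
        int ch = (unsigned char)buf[i];
        if (ch == '\n') { /* new line: reset the per-line state */
            pos = 0;
            maybe = 1;
            continue;
        }
        if (pos < PREFIX_LEN && !prefix_byte_ok(pos, ch))
            maybe = 0;
        if (pos == PREFIX_LEN - 1 && maybe)
            hits++;
        pos = next_pos(pos);
    }
    return hits;
}

int main(void)
{
    const char msg[] = "Delivered-To: a\nSubject: x\ndelivered-to: b\n"; /* constructed */
    printf("normal: %d\n", count_delivered(msg, sizeof msg - 1, 0));
    printf("wrapped counter: %d\n", count_delivered(msg, sizeof msg - 1, INT_MIN));
    return 0;
}
```

With a negative or saturated counter carried in, the scanner skips the rest of that line without touching the comparison strings and resumes normal matching at the next newline.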