Re: CVE request: spamdyke buffer overflow vulnerability

[Michael Harrison <n0idx80 () gmail com>]

Kurt,

Thanks for your extra effort. We greatly appreciate it.

Michael

On 1/23/12 10:53 PM, Kurt Seifried wrote:
> On 01/20/2012 06:35 PM, Kurt Seifried wrote:
> > On 01/20/2012 01:42 AM, Agostino Sarubbo wrote:
> > > According to secunia advisory:
> > > https://secunia.com/advisories/47548/ :
> > > Description:
> > >
> > > Some vulnerabilities have been reported in spamdyke, which potentially can be 
> > > exploited by malicious people to compromise a vulnerable system.
> > >
> > > The vulnerabilities are caused due to boundary errors related to the incorrect 
> > > use of the "snprintf()" and "vsnprintf()" functions, which can be exploited to 
> > > cause buffer overflows.
> > >
> > > The vulnerabilities are reported in versions prior to 4.3.0.
> > >
> > >
> > > Solution
> > > Update to version 4.3.0.
> > >
> > >
> > > and from upstream changelog:
> > > http://www.spamdyke.org/documentation/Changelog.txt :
> > >
> > > Fixed a number of very serious errors in the usage ofc.
> > >     The return value was being used as the length of the string printed into
> > >     the buffer, but the return value really indicates the length of the string
> > >     that *could* be printed if the buffer were of infinite size. Because the
> > >     returned value could be larger than the buffer's size, this meant remotely
> > >     exploitable buffer overflows were possible, depending on spamdyke's
> > >     configuration.
> > >
> > > and from upstream mailing list:
> > > http://www.mail-archive.com/spamdyke-release () spamdyke org/msg00014.html
> > >
> > > it also fixes a series of major bugs 
> > > that could lead to buffer overflows.  Depending on spamdyke's configuration, 
> > > these could cause remotely exploitable security holes.  Please upgrade 
> > > immediately!
> > >
> > > Please assign a CVE
> > Can you include some links to actual code commits? I want to prevent
> > duplicates and more information would aid in that.
> Ugh so I downloaded (www.spamdyke.org/download.html) and diff'ed
> spamdyke 4.2.1 and 4.3.0 and checked for snprint/vsnprintf occurances
> being replaced, there's about 80 (all virtually identical fixes). I also
> checked 4.3.0 to 4.3.1, no more of those fixes, so it's safe to say this
> fix at least is largely confined to the 4.3.0 update.
>
> Please use CVE-2012-0802 for this issue.

-- 

It's not about what you know, but what is left to learn~

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.17 (GNU/Linux)

mQENBE6MJ20BCACsvXUqJyxwgr61LOdRVMmczLC5VHDBEaaCfx4AwSihQm6od14h
6IQJVyHSp5hQz73n9yOmLeAV51akUSNwUcV85Fjxa169MDut7mexir6YkTDrwSdW
BRvopP6EuJaLAJwdK0/++YRD9eu6YDPlMp50ceCr47Yy8W0BGTb7Z2CvGnNntr7U
ZkHR+ALdEQNyqSQ/NGxe7lfO+MVSi0W2eDaUtR6JmmZCWyDRWDsiOsl/q+QnIJ7r
s3flrDe57zMXkw2rdI6lWm745i9kOyg0+Jw0gQwy8oHh/4ktdboU6WLkv2N9eeMR
l1a0AZeTSuOfWrepTF1K22E++1NuN3Y5TGKvABEBAAG0MU1pY2hhZWwgUi4gSGFy
cmlzb24gKEN1cnJlbnQpIDxuMGlkeDgwQGdtYWlsLmNvbT6JAT4EEwECACgFAk6M
J20CGwMFCQHanAAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGcT+eUbMgJy
T94H/2F98ZYomipk30ZcEZa+MsqLRcBdIvUgfS43cSih2KlhsjWavwYTYANJG4k0
TImCpoJymmEK0aozlPqeP9eGTFrAM8HPnlBqMqTP5B0dPn2hGnxFwP1NLq4KiwgH
YM/j2QqTZGvCaq82OtG8FwGNHRCJu+buN3zJ/VZNj5b05USEPnl8w92r5V4gbRyL
HZsVyGnPDzTsBDqoKjpMcCVD4uXQWDM9jLk366zLM6ChzhEX02bmKrFqkNnb7rd0
gFGR8svA4uWc2w58zrbZdMTsXDTimHdUm2KU4Cz49UxmyXW+T3SIEtsH8WYlaL+2
SAk8zYMMb95WjwZwrFt2hhfMBoa5AQ0ETownbQEIALZJ5AbAwQd4qhkPRDmpvgW3
AZgMj/s20sBo6XiS9PF4iUYwdKbEGUbKuahHH4dP4lrAKO0telzaLW+PY7NKaQ1k
iLubuiqr7VD2j3bXXD1bvFdmG6w+R+S3jmgZs20Sj+z8472eXXHSokrO8/jolopb
1xzZGUUVlVoJ7dSYaByqxQgcQCxrCiF1xj3CN32m51LAmaCFnJkVYwRTzZpCcOkf
I4eF+d+0OYlCEH9VTwhYJKJMuRFJjPJqzCiJyYky7Y5GqaY2QNnSX2tzGpurR6IP
HW/ZR4SFcnlL8HvHvT6+KVjfItS1M9ybTsXdf8Hl6BGkng+AO/bJKI2f3z2MXP0A
EQEAAYkBJQQYAQIADwUCTownbQIbDAUJAdqcAAAKCRBnE/nlGzICclJlCAChlNrr
CeZ3dzj/FrKQFozovCvgYV8GK83BHB3nBAsoOllvEzjmYbqIuCbbxWT5Dl5uatez
jV7mrfobmnKTsSCGy9WbLc54djiRRcHXpHCeIOCEt8RL85VLim91842Zxw7wTnB0
CfPM77scCvpekkzFaUj/yWxd6lzugKZ60AmuUxLWxzxPl+tcgRKCQT1XMe+EzyEd
yAObBp+Pyk8WAWth+mecxJ131AruPzKwTrvzyyQVaa7qwJzgkwOVKpTwHzvLUQqX
bPj3ZpIt4C0FLc5x91BYAXlt7rk5q3RZajBca+bODlAOJpU4fQs4ln+ZGt3sdTt4
HvFqkFebN/ZH/wWf
=Wk3z
-----END PGP PUBLIC KEY BLOCK-----

Attachment: signature.asc
Description: OpenPGP digital signature