Everyone running Qmail,
Georgi Guninski <guninski(_at_)guninski(_dot_)com> today (January 15, 2004)
published proof of an integer overflow in qmail-smtpd which leads to a
crash (and memory overwrite according to gdb).
Attached to this message is a patch against qmail-smtpd.c v1.03. The
overflow essentially consists of an unchecked integer which is allowed,
under certain circumstances, to increment above its 32-bit limit, which
results in it becoming negative, thereby resulting in a segfault.
James Craig Burley <craig(_at_)jcb-sc(_dot_)com>'s patch is attached to this
message, and is also available for download from libspf.org. I have
tested this patch against the published exploit code and it's solid.
http://libspf.org/files/qmail-1.03.integer.overflow.patch
Cheers,
James
--
James Couzens,
Programmer
obscurity.org
libspf.org
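
The class of bug described in the message above, as an added example that is not part of the original message, the attached patch, or qmail's source: a signed 32-bit counter that wraps negative, the upper-bound-only guard it slips past, and a checked counter that cannot wrap. All names, TABLE_LEN, LINE_LIMIT, and the assumption that the counter is used as an index are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN  16     /* constructed size of the table the counter indexes */
#define LINE_LIMIT 1000   /* assumed cap on bytes accepted per line */

/* Unchecked counter: advances by nbytes with no upper bound. Wraparound is
   modelled in unsigned arithmetic (signed overflow is undefined in C) and
   mapped back to the negative value a 32-bit two's-complement int holds. */
static int32_t advance_unchecked(int32_t pos, uint32_t nbytes) {
    uint32_t u = (uint32_t)pos + nbytes;
    if (u <= (uint32_t)INT32_MAX) return (int32_t)u;
    return -(int32_t)(UINT32_MAX - u) - 1;
}

/* Flawed guard: tests only the upper bound, so a negative index passes. */
static int upper_bound_only_ok(int32_t pos) { return pos < TABLE_LEN; }

/* Correct guard for a signed index: both bounds. */
static int full_bounds_ok(int32_t pos) { return pos >= 0 && pos < TABLE_LEN; }

/* Checked counter: refuses to advance past LINE_LIMIT, so it cannot wrap.
   Returns 0 on success, -1 when the input should be rejected. */
static int advance_checked(int32_t *pos, uint32_t nbytes) {
    if (*pos < 0 || *pos > LINE_LIMIT) return -1;
    if (nbytes > (uint32_t)(LINE_LIMIT - *pos)) return -1;
    *pos += (int32_t)nbytes;
    return 0;
}

int main(void) {
    int32_t wrapped = advance_unchecked(INT32_MAX, 1);
    printf("unchecked: %ld, upper-bound-only guard: %d, full guard: %d\n",
           (long)wrapped, upper_bound_only_ok(wrapped), full_bounds_ok(wrapped));
    int32_t pos = 0;
    int rc_ok = advance_checked(&pos, LINE_LIMIT);
    int rc_reject = advance_checked(&pos, 1);
    printf("checked: first=%d, second=%d, pos=%ld\n",
           rc_ok, rc_reject, (long)pos);
    return 0;
}
```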