Full Disclosure mailing list archives
Re: EnderUNIX Security Anouncement (Isoqlog and Spamguard)
From: Aycan iRiCAN <aycan () core gen tr>
Date: Sun, 30 May 2004 01:49:59 +0300
You are the fucking kid! You're the fucking security industry! There will be no public exploits according to my conversation with virulent. Next time use authors e-mail for thanksgiving please.
"Destroying something good has always been damn easy compared to creating new work which obsiously requires much more knowledge, talent and brain!". Well, gaining shell requires extra understanding and imagination! http://www.phrack.nl/phrack62/p62-0x0b.txt Murat Balaban wrote:
______________________________________________________________ Package : isoqlog Date : Affected products : isoqlog is available for a wide variety of products,and distrubuted as a FreeBSD port/package.Vulnerability type : both local and remote 1. IsoqlogIsoqlog is an MTA log analysis program written in C. It designed to scan qmail, postfix, sendmail and exim logfile and produce usage statistics in HTML format for viewing through a browser. It produces Top domains output according to Sender, Receiver, Total mails and bytes; it keeps your main domain mail statistics with regard to Days Top Domain, Top Users values for per day, per month and years.2. Problem Description There are several stack and heap overflows in several routines in Parser.c, loadconfig.c, LandCfg.c, Dir.c and Html.c files. 2.1 Parser.c There are several remote buffer overflows in parseQmailFromBytesLine, parseQmailToRemoteLine, parseQmailToLocalLine, parseSendmailFromBytesLine, parseSendmailToLine, parseEximFromBytesLine, parseEximToLine functions. There are several local buffer overflows in lowercase and check_syslog_date functions. 2.2 loadconfig.c loadconfig and removespaces function has some code which result in buffer overflows. 2.3 LangCfg.c loadLang function has some code which result in buffer overflows. 2.4 Html.c has some functions which doesn't do bounds checking. 2.5 Dir.c has some code which result in local buffer overflows. 3. Solution Those who are using isoqlog 2.1.1 and isoqlog-devel before May 16, 2004 should download and install isoqlog 2.2. Package source can be downloaded from http://www.enderunix.org/isoqlog/isoqlog-2.2.tar.gz 4. Contact Please feel free to contact bug-report % enderunix dot org for anything. 5. THANKSNicolas Fran?ois for reporting check_syslog_date bug on "May 15, 2004!!!"on isoqlog mailing list. ______________________________________________________________ Package : spamguard Date : Affected products : spamguard is available for a wide variety of products,and distrubuted as a FreeBSD port/package.Vulnerability type : both local and remote 1. spamguardspamGuard scans your MTA log files within fixed intervals, which can be defined by yourself, say 10 minutes, and if an expression " from " is matched more than a predefined value, which is of course can be cofigured by yourself, spamGuard adds the mail address to $BADMAILER file. Therefore any further mails by this user will be rejected by your MTA.2. Problem Description There are several stack and heap overflows in several routines in parser.c, functions.c loadconfig.c, files. 2.1 parser.c There are several remote buffer overflows in qmail_parseline and sendmail_parseline functions. 2.2 loadconfig.c loadconfig and removespaces function has some code which result in buffer overflows. 3. Solution Those who are using spamguard 1.6 and spamguard-devel before May 16, 2004 should download and install spamguard 1.7-BETA. Package source can be downloaded from http://www.enderunix.org/spamguard/spamguard-1.7-BETA.tar.gz 4. Contact Please feel free to contact bug-report % enderunix dot org for anything. <-- Thougts --> "Destroying something good has always been damn easy compared to creating new work which obsiously requires much more knowledge, talent and brain!".This part is dedicated to those newbie lamers vomitting idiotic exploits which need to be run as root to get root ;).Turkish people, especially kidz @ core.gen.tr and karatakke.org should read this:http://www.enderunix.org/isoqlog/advisory-extension.txt
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: EnderUNIX Security Anouncement (Isoqlog and Spamguard) Aycan iRiCAN (May 29)
- RE: Re: EnderUNIX Security Anouncement (Isoqlog and Spamguard) Simon Lorentsen (May 29)