SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Server)  >   Isoqlog Vendors:   EnderUNIX SDT
(Vendor Issues Fix) Isoqlog Buffer Overflow May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1010345
SecurityTracker URL:  http://securitytracker.com/id/1010345
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 30 2004
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Prior to 2.2
Description:   Some buffer overflow vulnerabilities were reported in Isoqlog. A remote user may be able to execute arbitrary code on the target system.

Virulent at siyahsapka.org reported that the readSendmailLogFile() function in 'parser.c' contains a buffer overflow. A local user can create a specially crafted log file entry so that when a target user runs Isoqlog, the buffer overflow is triggered and arbitrary code executed on the target system with the privileges of the target user.

The vendor reports that there are additional buffer overflows that may be exploitable by a remote user.

According to the vendor, the parseQmailFromBytesLine(), parseQmailToRemoteLine(), parseQmailToLocalLine(), parseSendmailFromBytesLine(), parseSendmailToLine(), parseEximFromBytesLine(), and parseEximToLine() functions in 'parser.c' contain remotely exploitable buffer overflows.

Also, the 'loadconfig.c' file reportedly contains buffer overflows in the loadconfig() and removespaces() functions.

The vendor also notes that the loadLang() function in 'LangCfg.c' contains some buffer overflows.

Some functions in the 'Html.c' file do not perform bounds checking, the vendor said.

The vendor also indicated that 'Dir.c' contains some locally exploitable buffer overflows.
Impact:   A remote user may be able to execute arbitrary code on the target system.
Solution:   The vendor has released a fixed version (2.2), available at:

http://www.enderunix.org/isoqlog/isoqlog-2.2.tar.gz
Vendor URL:  www.enderunix.org/isoqlog/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry is a follow-up to the message listed below.
May 26 2004 Isoqlog Buffer Overflows May Let Remote Users Execute Arbitrary Code


 Source Message Contents
Date:  Sat, 29 May 2004 02:02:48 +0300
Subject:  EnderUNIX Security Anouncement (Isoqlog and Spamguard)



--Kj7319i9nmIyA2yE
Content-Type: text/plain; charset=unknown-8bit
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


______________________________________________________________
Package		 	: isoqlog
Date   		 	:=09
Affected products	: isoqlog is available
			  for a wide variety of products,
			  and distrubuted as a FreeBSD=20
			  port/package.
Vulnerability type	: both local and remote




1. Isoqlog

Isoqlog is an MTA log analysis program written in C. It designed=20
to scan qmail, postfix, sendmail and exim logfile and produce=20
usage statistics in HTML format for viewing through a browser.=20
It produces Top domains output according to Sender, Receiver,=20
Total mails and bytes; it keeps your main domain mail statistics=20
with regard to Days Top Domain, Top Users values for per day,=20
per month and years.=20



2. Problem Description
   There are several stack and heap overflows in several routines in
   Parser.c, loadconfig.c, LandCfg.c, Dir.c and Html.c files.


   2.1 Parser.c
	There are several remote buffer overflows in parseQmailFromBytesLine,
	parseQmailToRemoteLine, parseQmailToLocalLine, parseSendmailFromBytesLine,
	parseSendmailToLine, parseEximFromBytesLine, parseEximToLine functions.

	There are several local buffer overflows in lowercase and check_syslog_date
	functions.

   2.2 loadconfig.c
	loadconfig and removespaces function has some code which result in
        buffer overflows.

   2.3 LangCfg.c
	loadLang function has some code which result in buffer overflows.

   2.4 Html.c has some functions which doesn't do bounds checking.


   2.5 Dir.c has some code which result in local buffer overflows.


3. Solution
   Those who are using isoqlog 2.1.1 and isoqlog-devel before May 16, 2004
   should download and install isoqlog 2.2.

   Package source can be downloaded from
=09
	http://www.enderunix.org/isoqlog/isoqlog-2.2.tar.gz


4. Contact

   Please feel free to contact bug-report % enderunix dot org for anything.


5. THANKS
  =20
   Nicolas Fran=E7ois for reporting check_syslog_date bug on "May 15, 2004!=
!!"
   on isoqlog mailing list.



______________________________________________________________
Package		 	: spamguard
Date   		 	:=09
Affected products	: spamguard is available
			  for a wide variety of products,
			  and distrubuted as a FreeBSD=20
			  port/package.
Vulnerability type	: both local and remote


1. spamguard
spamGuard scans your MTA log files within fixed intervals, which=20
can be defined by yourself, say 10 minutes, and if an expression
" from " is matched more than a predefined value, which is of=20
course can be cofigured by yourself, spamGuard adds the mail=20
address to $BADMAILER file. Therefore any further mails by this=20
user will be rejected by your MTA.


2. Problem Description
   There are several stack and heap overflows in several routines in
   parser.c, functions.c loadconfig.c, files.


   2.1 parser.c
	There are several remote buffer overflows in qmail_parseline
        and sendmail_parseline functions.

   2.2 loadconfig.c
	loadconfig and removespaces function has some code which result in
        buffer overflows.

3. Solution
   Those who are using spamguard 1.6 and spamguard-devel before May 16, 2004
   should download and install spamguard 1.7-BETA.

   Package source can be downloaded from
=09
	http://www.enderunix.org/spamguard/spamguard-1.7-BETA.tar.gz


4. Contact

   Please feel free to contact bug-report % enderunix dot org for anything.



				<-- Thougts -->

   "Destroying something good has always been damn easy compared to creating
    new work which obsiously requires much more knowledge, talent and brain=
!".

   This part is dedicated to those newbie lamers vomitting idiotic exploits=
 which=20
   need to be run as root to get root ;).

   Turkish people, especially kidz @ core.gen.tr and karatakke.org should r=
ead=20
   this:

   http://www.enderunix.org/isoqlog/advisory-extension.txt


--=20
 Duydunuz mu! Turkiye'nin ilk FreeBSD kitabi cikti.
 http://www.acikkod.com/freebsd.php


--Kj7319i9nmIyA2yE
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAt8UVnSyJpGtSn0IRAgUvAJ9nLsLckgkZF0F30L8qpORmReY++QCfQ1ji
DpKOxEbZFqh0PYTDsyl6vak=
=u/SX
-----END PGP SIGNATURE-----

--Kj7319i9nmIyA2yE--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC