Smail-3 Multiple Remote and Local Vulnerabilities
BID:12899
| Bugtraq ID: | 12899 |
| Class: | Unknown |
| CVE: | CVE-2005-0892 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 25 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery is credited to sean <[email protected]>. |
| Vulnerable: | Smail Smail-3 3.2.0.120, Smail Smail-3 3.2.0.114 |
| Not Vulnerable: | |
Discussion
Smail-3 is reported prone to multiple vulnerabilities. These issues can allow a local or remote attacker to execute arbitrary code on a vulnerable computer. A successful attack may lead to a complete compromise.
The following specific issues were identified:
Smail-3 is vulnerable to a remote heap overflow vulnerability. An attacker can leverage this vulnerability to execute arbitrary code with superuser privileges. Attack attempts may also trigger a denial of service condition.
The application is also reported prone to various potential vulnerabilities arising from insecure handling of heap memory by signal handlers. These issues are not confirmed at the moment.
Smail-3 3.2.0.120 is affected by these issues. Other versions may be vulnerable.
This BID will be updated when more information becomes available.
Exploit / POC
The following exploit is made available by sean <[email protected]>:
Solution / Fix
Solution:
Debian has released advisory DSA 722-1 to address these issues. Please see the referenced advisory for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Smail Smail-3 3.2.0.114
- Debian smail_3.2.0.114-4woody1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_alpha.deb
- Debian smail_3.2.0.114-4woody1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_arm.deb
- Debian smail_3.2.0.114-4woody1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_hppa.deb
- Debian smail_3.2.0.114-4woody1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_i386.deb
- Debian smail_3.2.0.114-4woody1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_ia64.deb
- Debian smail_3.2.0.114-4woody1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_m68k.deb
- Debian smail_3.2.0.114-4woody1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_mips.deb
- Debian smail_3.2.0.114-4woody1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_mipsel.deb
- Debian smail_3.2.0.114-4woody1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_powerpc.deb
- Debian smail_3.2.0.114-4woody1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_s390.deb
- Debian smail_3.2.0.114-4woody1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_sparc.deb
References
References: