QMail Alloc() Remote Integer Overflow Vulnerability
BID:13528
Info
QMail Alloc() Remote Integer Overflow Vulnerability
| Bugtraq ID: | 13528 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 06 2005 12:00AM |
| Updated: | May 06 2005 12:00AM |
| Credit: | Georgi Guninski <[email protected]> disclosed this vulnerability. |
| Vulnerable: |
Dan Bernstein QMail 1.0 3 Dan Bernstein QMail 1.0 2 |
| Not Vulnerable: | |
Discussion
QMail Alloc() Remote Integer Overflow Vulnerability
QMail is susceptible to a remote integer overflow vulnerability in the alloc() function.
Specifically, the alloc() function can be coerced into overflowing an integer value, resulting in an incorrect memory allocation occurring. This may only be possible in environments where more than 4 gigabytes of virtual memory is available, such as 64 bit systems.
It is conjectured that remote code executing may be possible.
QMail is susceptible to a remote integer overflow vulnerability in the alloc() function.
Specifically, the alloc() function can be coerced into overflowing an integer value, resulting in an incorrect memory allocation occurring. This may only be possible in environments where more than 4 gigabytes of virtual memory is available, such as 64 bit systems.
It is conjectured that remote code executing may be possible.
Exploit / POC
QMail Alloc() Remote Integer Overflow Vulnerability
A proof of concept denial of service exploit for this issue is provided at:
http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html
The integrity of this external Web site is not guaranteed by Symantec.
A proof of concept denial of service exploit for this issue is provided at:
http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html
The integrity of this external Web site is not guaranteed by Symantec.
Solution / Fix
QMail Alloc() Remote Integer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
QMail Alloc() Remote Integer Overflow Vulnerability
References:
References:
- 64 bit qmail fun (Georgi Guninski
) - Qmail Homepage (Dan Bernstein)