QMail Substdio_Put() Function Remote Integer Overflow Vulnerability
BID:13536
Info
QMail Substdio_Put() Function Remote Integer Overflow Vulnerability
| Bugtraq ID: | 13536 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 06 2005 12:00AM |
| Updated: | May 06 2005 12:00AM |
| Credit: | Georgi Guninski <[email protected]> disclosed this vulnerability. |
| Vulnerable: |
Dan Bernstein QMail 1.0 3 Dan Bernstein QMail 1.0 2 |
| Not Vulnerable: | |
Discussion
QMail Substdio_Put() Function Remote Integer Overflow Vulnerability
QMail is susceptible to a remote integer overflow vulnerability in the substdio_put() function.
Specifically, the substdio_put() function can be coerced into overflowing an integer value, resulting in writing data to an unintended location. This may only be possible in environments where more than 4 gigabytes of virtual memory is available, such as 64 bit systems.
It is conjectured that remote code executing may be possible.
QMail is susceptible to a remote integer overflow vulnerability in the substdio_put() function.
Specifically, the substdio_put() function can be coerced into overflowing an integer value, resulting in writing data to an unintended location. This may only be possible in environments where more than 4 gigabytes of virtual memory is available, such as 64 bit systems.
It is conjectured that remote code executing may be possible.
Exploit / POC
QMail Substdio_Put() Function Remote Integer Overflow Vulnerability
A proof of concept denial of service exploit for this issue is provided at:
http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html
The integrity of this external Web site is not guaranteed by Symantec.
A proof of concept denial of service exploit for this issue is provided at:
http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html
The integrity of this external Web site is not guaranteed by Symantec.
Solution / Fix
QMail Substdio_Put() Function Remote Integer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
QMail Substdio_Put() Function Remote Integer Overflow Vulnerability
References:
References:
- 64 bit qmail fun (Georgi Guninski
) - Qmail Homepage (Dan Bernstein)