Balsa Fetch Command Remote Stack Buffer Overflow Vulnerability

Bugtraq ID:	25777
Class:	Boundary Condition Error
CVE:	CVE-2007-5007
Remote:	Yes
Local:	No
Published:	Sep 24 2007 12:00AM
Updated:	Oct 17 2007 03:57PM
Credit:	Evil Ninja Squirrel is credited with the discovery of this issue.
Vulnerable:	SuSE Linux Desktop 10 SuSE Linux 10.1 x86-64 SuSE Linux 10.1 x86 SuSE Linux 10.1 ppc SuSE Linux 10.0 x86-64 SuSE Linux 10.0 x86 SuSE Linux 10.0 ppc S.u.S.E. UnitedLinux 1.0 S.u.S.E. openSUSE 10.2 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.2 X86 64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.2 X86 64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 GNOME Balsa 2.3.19 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.17 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.16 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.15 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.14 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.13 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.12 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.11 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.10 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.8 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.7 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.6 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.5 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.4 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.3 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.2 + Redhat Linux 9.0 i386 GNOME Balsa 2.3.1 + Redhat Linux 9.0 i386 GNOME Balsa 2.3 + Redhat Linux 9.0 i386 GNOME Balsa 2.2.6 + Redhat Linux 9.0 i386 GNOME Balsa 2.2.5 + Redhat Linux 9.0 i386 GNOME Balsa 2.2.4 + Redhat Linux 9.0 i386 GNOME Balsa 2.2.3 + Redhat Linux 9.0 i386 GNOME Balsa 2.2.2 + Redhat Linux 9.0 i386 GNOME Balsa 2.2.1 + Redhat Linux 9.0 i386 GNOME Balsa 2.2 + Redhat Linux 9.0 i386 GNOME Balsa 2.1.91 + Redhat Linux 9.0 i386 GNOME Balsa 2.1.90 + Redhat Linux 9.0 i386 GNOME Balsa 2.1.3 + Redhat Linux 9.0 i386 GNOME Balsa 2.1.2 + Redhat Linux 9.0 i386 GNOME Balsa 2.1.1 + Redhat Linux 9.0 i386 GNOME Balsa 2.1 + Redhat Linux 9.0 i386 GNOME Balsa 2.0.18 + Redhat Linux 9.0 i386 GNOME Balsa 2.0.17 + Redhat Linux 9.0 i386 GNOME Balsa 2.0.16 + Redhat Linux 9.0 i386 GNOME Balsa 2.0.10 GNOME Balsa 2.0.6 + Redhat Linux 9.0 i386 GNOME Balsa 1.4.3 GNOME Balsa 1.4 GNOME Balsa 1.2.4 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Redhat Linux 8.0 i686 + Redhat Linux 8.0 i386 + Redhat Linux 8.0 + Redhat Linux 7.3 i686 + Redhat Linux 7.3 i386 + Redhat Linux 7.3 + Sun Linux 5.0 GNOME Balsa 1.1.7 + Redhat Linux 7.2 i686 + Redhat Linux 7.2 i586 + Redhat Linux 7.2 i386 + Redhat Linux 7.2 athlon + Redhat Linux 7.2 Gentoo Linux
Not Vulnerable:	GNOME Balsa 2.3.20 + Redhat Linux 9.0 i386

Balsa Fetch Command Remote Stack Buffer Overflow Vulnerability

Balsa is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

This issue affects the application's IMAP functionality.

An attacker can exploit this issue to execute arbitrary machine code within the context of the user running the application. Failed exploit attempts will result in a denial-of-service vulnerability.

Versions prior to Balsa 2.3.20 are vulnerable.

Balsa Fetch Command Remote Stack Buffer Overflow Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Balsa Fetch Command Remote Stack Buffer Overflow Vulnerability

Solution:
The vendor released Balsa 2.3.20 to address this issue. Please see the references for more information.


GNOME Balsa 1.1.7

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 1.2.4

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 1.4

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 1.4.3

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.0.10

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.0.16

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.0.17

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.0.18

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.0.6

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.1

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.1.1

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.1.2

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.1.3

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.1.90

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.1.91

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.2

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.2.1

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.2.2

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.2.3

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.2.4

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.2.5

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.2.6

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.1

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.10

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.11

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.12

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.13

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.14

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.15

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.16

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.17

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.19

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.2

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.3

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.4

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.5

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.6

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.7

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

GNOME Balsa 2.3.8

• GNOME balsa-2.3.20.tar.bz2
  http://balsa.gnome.org/balsa-2.3.20.tar.bz2

Balsa Fetch Command Remote Stack Buffer Overflow Vulnerability

References:

• Balsa Homepage (GNOME)