Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
BID:26270
Info
Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
| Bugtraq ID: | 26270 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-5740 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 31 2007 12:00AM |
| Updated: | Jan 22 2008 06:18PM |
| Credit: | Bernhard Mueller is credited with the discovery of this issue. |
| Vulnerable: |
Perdition Perdition Mail Retrieval Proxy 1.17 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 |
| Not Vulnerable: |
Perdition Perdition Mail Retrieval Proxy 1.17.1 |
Discussion
Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
Perdition IMAP proxy server is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
An attacker can exploit this issue to execute arbitrary machine code in the context of the affected application. A successful attack will compromise the application. Failed attempts may cause denial-of-service conditions.
This issue affects Perdition 1.17 and prior versions.
Perdition IMAP proxy server is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
An attacker can exploit this issue to execute arbitrary machine code in the context of the affected application. A successful attack will compromise the application. Failed attempts may cause denial-of-service conditions.
This issue affects Perdition 1.17 and prior versions.
Exploit / POC
Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
The researcher responsible for discovering this issue has developed proof-of-concept exploit code, but it is not publicly available; please see the references for details.
The following proof of concept is available:
perl -e 'print "abc%n\x00\n"' | nc perdition.example.com 143
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The researcher responsible for discovering this issue has developed proof-of-concept exploit code, but it is not publicly available; please see the references for details.
The following proof of concept is available:
perl -e 'print "abc%n\x00\n"' | nc perdition.example.com 143
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
Solution:
The vendor has released Perdition 1.17.1 to address this issue. Please see the references for more information.
Perdition Perdition Mail Retrieval Proxy 1.17
Solution:
The vendor has released Perdition 1.17.1 to address this issue. Please see the references for more information.
Perdition Perdition Mail Retrieval Proxy 1.17
-
Perdition perdition-1.17.1.tar.gz
http://www.vergenet.net/linux/perdition/download/1.17.1/perdition-1.17 .1.tar.gz
References
Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
References:
References:
- Perdition Homepage (Perdition)
- SEC-CONSULT Security Advisory (SEC-CONSULT)
- SEC Consult SA-20071031-0 :: Perdition IMAP Proxy Format String Vulnerability (Bernhard Mueller)