QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflow Vulnerability
BID:9797
Info
QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflow Vulnerability
| Bugtraq ID: | 9797 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 03 2004 12:00AM |
| Updated: | Mar 03 2004 12:00AM |
| Credit: | Discovery is credited to Georgi Guninski. |
| Vulnerable: |
Dan Bernstein QMail 1.0 3 Dan Bernstein QMail 1.0 2 |
| Not Vulnerable: | |
Discussion
QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflow Vulnerability
An integer overflow vulnerability has been reported in qmail-qmtpd. This issue exists in code that processes values supplied to qmail-qmtpd in RELAYCLIENT data. Though unconfirmed, this issue may be exploitable to execute arbitrary code with elevated privileges.
It should be noted that this issue does not exist in the default configuration and is only exposed if mail relaying is enabled by setting the RELAYCLIENT environment variable.
An integer overflow vulnerability has been reported in qmail-qmtpd. This issue exists in code that processes values supplied to qmail-qmtpd in RELAYCLIENT data. Though unconfirmed, this issue may be exploitable to execute arbitrary code with elevated privileges.
It should be noted that this issue does not exist in the default configuration and is only exposed if mail relaying is enabled by setting the RELAYCLIENT environment variable.
Exploit / POC
QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflow Vulnerability
Proof-of-concept code that causes a denial of service is in public circulation.
Proof-of-concept code that causes a denial of service is in public circulation.
Solution / Fix
QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflow Vulnerability
References:
References:
- Buffer overflow in qmail-qmtpd, yet still qmail much better than windows (Georgi Guninski)