EnderUNIX Security Anouncement (Isoqlog and Spamguard)

From: Murat Balaban (murat_at_enderunix.org)
Date: 05/29/04

  • Next message: tim de gier: "LDU (land down under) xss vulnerability" 
    Date: Sat, 29 May 2004 02:02:48 +0300
To: bugtraq@securityfocus.com

    ______________________________________________________________
    Package : isoqlog
    Date :
    Affected products : isoqlog is available
                              for a wide variety of products,
                              and distrubuted as a FreeBSD
                              port/package.
    Vulnerability type : both local and remote

    1. Isoqlog

    Isoqlog is an MTA log analysis program written in C. It designed
    to scan qmail, postfix, sendmail and exim logfile and produce
    usage statistics in HTML format for viewing through a browser.
    It produces Top domains output according to Sender, Receiver,
    Total mails and bytes; it keeps your main domain mail statistics
    with regard to Days Top Domain, Top Users values for per day,
    per month and years.

    2. Problem Description
       There are several stack and heap overflows in several routines in
       Parser.c, loadconfig.c, LandCfg.c, Dir.c and Html.c files.

       2.1 Parser.c
            There are several remote buffer overflows in parseQmailFromBytesLine,
            parseQmailToRemoteLine, parseQmailToLocalLine, parseSendmailFromBytesLine,
            parseSendmailToLine, parseEximFromBytesLine, parseEximToLine functions.

            There are several local buffer overflows in lowercase and check_syslog_date
            functions.

       2.2 loadconfig.c
            loadconfig and removespaces function has some code which result in
            buffer overflows.

       2.3 LangCfg.c
            loadLang function has some code which result in buffer overflows.

       2.4 Html.c has some functions which doesn't do bounds checking.

       2.5 Dir.c has some code which result in local buffer overflows.

    3. Solution
       Those who are using isoqlog 2.1.1 and isoqlog-devel before May 16, 2004
       should download and install isoqlog 2.2.

       Package source can be downloaded from
            
            http://www.enderunix.org/isoqlog/isoqlog-2.2.tar.gz

    4. Contact

       Please feel free to contact bug-report % enderunix dot org for anything.

    5. THANKS
       
       Nicolas François for reporting check_syslog_date bug on "May 15, 2004!!!"
       on isoqlog mailing list.

    ______________________________________________________________
    Package : spamguard
    Date :
    Affected products : spamguard is available
                              for a wide variety of products,
                              and distrubuted as a FreeBSD
                              port/package.
    Vulnerability type : both local and remote

    1. spamguard
    spamGuard scans your MTA log files within fixed intervals, which
    can be defined by yourself, say 10 minutes, and if an expression
    " from " is matched more than a predefined value, which is of
    course can be cofigured by yourself, spamGuard adds the mail
    address to $BADMAILER file. Therefore any further mails by this
    user will be rejected by your MTA.

    2. Problem Description
       There are several stack and heap overflows in several routines in
       parser.c, functions.c loadconfig.c, files.

       2.1 parser.c
            There are several remote buffer overflows in qmail_parseline
            and sendmail_parseline functions.

       2.2 loadconfig.c
            loadconfig and removespaces function has some code which result in
            buffer overflows.

    3. Solution
       Those who are using spamguard 1.6 and spamguard-devel before May 16, 2004
       should download and install spamguard 1.7-BETA.

       Package source can be downloaded from
            
            http://www.enderunix.org/spamguard/spamguard-1.7-BETA.tar.gz

    4. Contact

       Please feel free to contact bug-report % enderunix dot org for anything.

                                    <-- Thougts -->

       "Destroying something good has always been damn easy compared to creating
        new work which obsiously requires much more knowledge, talent and brain!".

       This part is dedicated to those newbie lamers vomitting idiotic exploits which
       need to be run as root to get root ;).

       Turkish people, especially kidz @ core.gen.tr and karatakke.org should read
       this:

       http://www.enderunix.org/isoqlog/advisory-extension.txt 

    -- 
 Duydunuz mu! Turkiye'nin ilk FreeBSD kitabi cikti.
 http://www.acikkod.com/freebsd.php

  • Next message: tim de gier: "LDU (land down under) xss vulnerability"