Red Hat Bugzilla – Bug 618132
CVE-2008-7258 Ssmtp: Buffer overflow by cutting '\n' sequence from lines with leading dot
Last modified: 2015-07-31 08:09:36 EDT
Brendan Boerner reported:
a deficiency in the way ssmtp removed the trailing '\n' sequence
by processing lines beginning with a leading dot. A local user
could send a specially-crafted e-mail message via the ssmtp send-only
sendmail emulator, leading to ssmtp executable denial of service (exit with:
ssmtp: standardise() -- Buffer overflow). Different vulnerability
Debian Linux distribution patch:
This issue has been addressed in the following versions of ssmtp:
 ssmtp-2.61-14.el5 for Fedora EPEL 5
 ssmtp-2.61-14.el4 for Fedora EPEL 4
 ssmtp-2.61-14.fc13 for Fedora 13
 ssmtp-2.61-14.fc12 for Fedora 12
 ssmtp-2.61-14.fc11 for Fedora 11
Thank you, Jan.
However, according to https://bugzilla.redhat.com/show_bug.cgi?id=617491 the bug was not properly fixed. Although I am quite puzzled, as I have applied the Debian patch, http://cvs.fedoraproject.org/viewvc/rpms/ssmtp/devel/ssmtp-standardise.patch?revision=1.1&view=markup
Note that I have never been able to reproduce the bug.
The CVE identifier of CVE-2008-7258 has been assigned to this.
ssmtp-2.61-15 has been pushed to all repos (-testing for now) and it should solve the problem.
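
For reference, the line-preparation step named in the report at the top of this bug (drop the trailing '\n', double a leading dot) written with an explicit capacity check. This is an added example, not ssmtp's code and not the Debian patch; LINE_CAP, dot_stuff_line() and the return codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LINE_CAP 32   /* assumed capacity for this example, not ssmtp's value */
enum { STUFF_OK = 0, STUFF_TOO_LONG = -1 };

/* Prepare one NUL-terminated message line in buf (capacity cap) for SMTP DATA:
 * drop the trailing '\n' and double a leading dot (RFC 5321, section 4.5.2).
 * All sizes are checked before any byte is written, so an oversized line is
 * reported to the caller with buf left unmodified. */
int dot_stuff_line(char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    if (nul == NULL)
        return STUFF_TOO_LONG;          /* no terminator inside the buffer */

    size_t len = (size_t)(nul - buf);
    if (len > 0 && buf[len - 1] == '\n')
        len--;                          /* payload length without the '\n' */

    int stuff = (len > 0 && buf[0] == '.');
    if (len + (size_t)stuff + 1 > cap)
        return STUFF_TOO_LONG;          /* extra dot plus NUL would not fit */

    if (stuff) {
        memmove(buf + 1, buf, len);     /* slide the payload up by one byte */
        len++;                          /* buf[0] is already '.' */
    }
    buf[len] = '\0';                    /* also removes the old '\n' */
    return STUFF_OK;
}

int main(void)
{
    /* Constructed sample lines, shaped like fgets() output. */
    char lone[LINE_CAP] = ".\n";
    char text[LINE_CAP] = "plain text\n";
    char full[LINE_CAP];                /* leading dot, buffer completely full */
    memset(full, 'a', sizeof full - 1);
    full[0] = '.';
    full[sizeof full - 1] = '\0';

    int r1 = dot_stuff_line(lone, sizeof lone);
    int r2 = dot_stuff_line(text, sizeof text);
    int r3 = dot_stuff_line(full, sizeof full);
    printf("%d [%s]\n%d [%s]\n%d (line rejected)\n", r1, lone, r2, text, r3);
    return 0;
}
```

Returning an error for the one line that cannot take the extra dot lets the caller decide how to handle it, rather than the whole process exiting on a single crafted line.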