Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 66389

Summary: Buffer overflow in versions < 0.8.11
Product: [Retired] Red Hat Linux Reporter: Pawel Salek <pawsa>
Component: libesmtpAssignee: Bill Nottingham <notting>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: kmaraas, rvokal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.stafford.uklinux.net/libesmtp/download.html#previous
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-04-03 20:34:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pawel Salek 2002-06-09 19:13:33 UTC 
There is a serious buffer overflow bug in all previous versions. This would
permit a malicious SMTP server to overwrite the stack and hence a carefully
crafted multiline response could download arbitrary code to be executed.

Visit the specified URL for more info. The fix (0.8.11) was released on 2002-03-06
Comment 1 Mark J. Cox 2003-02-12 11:52:19 UTC 
This is CAN-2002-1090 (cve.mitre.org).  libesmptd is only used by balsa in the
distribution.
Comment 2 Kjartan Maraas 2003-04-02 23:09:49 UTC 
Still not on the ftp servers?
Comment 3 David Lawrence 2003-04-03 20:34:01 UTC 
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2003-109.html