Bug 618132 (CVE-2008-7258) - CVE-2008-7258 Ssmtp: Buffer overflow by cutting '\n' sequence from lines with leading dot
Status: CLOSED CURRENTRELEASE
Alias: CVE-2008-7258
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20081012,reported=2...
Keywords: Security
Depends On: 582236
Blocks:
Reported: 2010-07-26 08:39 UTC by Jan Lieskovsky
Modified: 2019-06-08 13:03 UTC
Last Closed: 2010-08-20 09:28:38 UTC


Description Jan Lieskovsky 2010-07-26 08:39:12 UTC
Brendan Boerner reported:
  [1] https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424

a deficiency in the way ssmtp removed the trailing '\n' sequence
by processing lines beginning with a leading dot. A local user
could send a specially-crafted e-mail message via the ssmtp send-only
sendmail emulator, leading to denial of service of the ssmtp executable (exit with:
ssmtp: standardise() -- Buffer overflow). This is a different vulnerability
than CVE-2008-3962.

References:
  [2] https://bugzilla.redhat.com/show_bug.cgi?id=582236
  [3] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3962
  [4] http://patch-tracker.debian.org/package/ssmtp/2.62-3
  [5] http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041012.html
  [6] http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041009.html
  [7] http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041119.html

Debian Linux distribution patch:
  [8] http://patch-tracker.debian.org/patch/series/view/ssmtp/2.62-3/345780-standardise-bufsize
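
Added example, not part of the original report and not ssmtp's or Debian's code: a sketch of bounds-checked handling for a line with a leading dot and a trailing '\n', returning an error to the caller instead of exiting the process. It assumes the leading-dot processing is SMTP dot-stuffing (RFC 5321 section 4.5.2); `stuff_line`, `STUFF_OK` and `STUFF_NO_ROOM` are hypothetical names, and the sample line is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum { STUFF_OK = 0, STUFF_NO_ROOM = -1 };

/*
 * Prepare one NUL-terminated line for the SMTP DATA phase, in place.
 *   cap        real size of buf in bytes, passed by the caller rather
 *              than taken from a global constant
 *   line_start non-zero if buf begins a new line of the message
 * Drops one trailing '\n', then doubles a leading '.'. When the extra
 * dot would not fit, buf is left untouched and STUFF_NO_ROOM is
 * returned so the caller can grow the buffer or reject the message.
 */
int stuff_line(char *buf, size_t cap, int line_start)
{
    const char *nul = memchr(buf, '\0', cap);
    if (nul == NULL)                    /* no terminator inside cap */
        return STUFF_NO_ROOM;

    size_t body = (size_t)(nul - buf);
    if (body > 0 && buf[body - 1] == '\n')
        body--;                         /* length once '\n' is gone */

    size_t extra = (line_start && body > 0 && buf[0] == '.') ? 1 : 0;
    if (extra + body + 1 > cap)         /* dot + text + NUL must fit */
        return STUFF_NO_ROOM;

    buf[body] = '\0';
    if (extra) {
        memmove(buf + 1, buf, body + 1); /* shift text and its NUL */
        buf[0] = '.';
    }
    return STUFF_OK;
}

int main(void)
{
    char line[8] = ".hello\n";          /* constructed sample: fills buf */
    int rc = stuff_line(line, sizeof line, 1);
    printf("rc=%d line=%s\n", rc, line);
    return 0;
}
```

The size check is done on the length after the newline is removed, so a buffer-filling line that ends in '\n' still has room for the inserted dot, while one without it is reported to the caller.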

Comment 1 Jan Lieskovsky 2010-07-26 08:48:06 UTC
This issue has been addressed in the following versions of ssmtp:
  [1] ssmtp-2.61-14.el5 for Fedora EPEL 5
  [2] ssmtp-2.61-14.el4 for Fedora EPEL 4
  [3] ssmtp-2.61-14.fc13 for Fedora 13
  [4] ssmtp-2.61-14.fc12 for Fedora 12
  [5] ssmtp-2.61-14.fc11 for Fedora 11

Comment 2 manuel wolfshant 2010-07-26 09:07:31 UTC
Thank you, Jan.

However, according to https://bugzilla.redhat.com/show_bug.cgi?id=617491, the bug was not properly fixed. Although I am quite puzzled, as I have applied the Debian patch, http://cvs.fedoraproject.org/viewvc/rpms/ssmtp/devel/ssmtp-standardise.patch?revision=1.1&view=markup
Note that I have never been able to reproduce the bug.

Comment 3 Jan Lieskovsky 2010-08-03 13:55:53 UTC
The CVE identifier of CVE-2008-7258 has been assigned to this.

Comment 4 manuel wolfshant 2010-08-03 14:09:30 UTC
ssmtp-2.61-15 has been pushed to all repos (-testing for now) and it should solve the problem.
