eXtremail Remote Format String ('s)

From: mu-b (mu-b@digit-labs.org)
Date: Fri Jun 22 2001 - 03:55:09 PDT


    Bugtraq readers,
    
    eXtremail is a free integrated pop3/smtpd mail daemon for Linux (x86); although
    it is free, it is closed-source software. It has been found that the majority of the
    newer versions are vulnerable to a remotely exploitable format string condition.
    The following versions are confirmed to be vulnerable to this condition:
    
        eXtremail v1.1.5
        eXtremail v1.1.6
        eXtremail v1.1.7
        eXtremail v1.1.8
        eXtremail v1.1.9
    
    Note: Version 1.1.3 is also presumed to be vulnerable but that version was not
    available for testing, although I have strong reason to assume that it is.
    
    The format string problem is located in the flog() function, and is caused by the
    use of user-defined data as the format string for an fprintf() statement. This problem
    can be exploited remotely to yield remote root privileges, by sending
    appropriately constructed strings as the arguments to the following commands:
    
    Smtpd - HELO / EHLO / MAIL FROM:<....@....> / RCPT TO:<....@....>
    Pop3 - USER (+ others requiring a suitable login).
    
    This issue has been patched as of version 1.1.10; it is advisable that current or
    prospective users download this version as soon as possible. It is obtainable
    from the eXtremail homepage found at http://www.extremail.com
    
    Exploit code attached....
    
    Yours Sincerely.....
    mu-b
    ___________________________________________________________
    
    mu-b (µb)  (mu-b@digit-labs.org)
    http://www.digit-labs.org
    
                   "Like German Tourists, the stupid are everywhere"
                                   -Arnold 'Judas' Rimmer - Red Dwarf BBC (c)
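
Added example, not part of the original post and not eXtremail code: a minimal C model of the bug class described above, where a logging routine uses a client-supplied command argument as the format string, shown next to the constant-format fix and a helper that counts conversion specifiers in an argument for log review. The names log_line, flog_before, flog_after and count_conversions are assumptions made for illustration, and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Illustrative stand-in for a daemon's log sink (hypothetical, not eXtremail
 * code): formats into a caller buffer instead of a log file. */
static int log_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Pre-fix pattern: the client-supplied argument IS the format string. */
int flog_before(char *out, size_t n, const char *client_arg)
{
    return log_line(out, n, client_arg);
}

/* Fixed pattern: constant format, client data passed only as an argument. */
int flog_after(char *out, size_t n, const char *client_arg)
{
    return log_line(out, n, "%s", client_arg);
}

/* Log-review aid: count conversion specifiers; "%%" is a literal percent. */
int count_conversions(const char *s)
{
    int hits = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                 /* skip the escaped percent */
        else if (s[1] != '\0')
            hits++;
    }
    return hits;
}

int main(void)
{
    char a[64], b[64];
    flog_before(a, sizeof a, "host%%name"); /* constructed input; "%%" is well-defined */
    flog_after(b, sizeof b, "host%%name");
    printf("before: %s\nafter:  %s\nsame: %d\n", a, b, strcmp(a, b) == 0);
    return 0;
}
```

The pre-fix logger rewrites the input because it parses it as a format string, while the fixed one records it byte for byte; a non-zero count_conversions result on a HELO, MAIL FROM, RCPT TO or USER argument is worth flagging in log review.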
    
    
    
    


