Buffer overflow bug in libESMTP



Hi all,

A potential buffer overflow in libESMTP exists which could allow a malicious 
SMTP server to overrun the stack and attack the client application.  Basically 
a multiline SMTP response where the accumulated text exceeds 4Kb will overrun 
the stack.  AFAIK, the attack is not possible unless each line of the response 
is less than 1024 bytes long.

I have updated the code to avoid this possibility.  For those who wish to try 
out the updated code I have uploaded a 0.8.11 tarball (I will create the patch 
file when I announce this "officially").  The URL is 
<http://www.stafford.uklinux.net/libesmtp/libesmtp-0.8.11.tar.bz2>  For now 
any feedback is appreciated.

This release also fixes a build problem in the NTLM auth code where systems 
without stdint.h could not compile ntlmstruct.c.

Regards
Brian Stafford.
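
The bug class described in the message above, as an added example that is not code from libESMTP or from the post: a multiline SMTP reply is accumulated into a fixed buffer, and the bound is checked against the running total rather than against each line. The names `struct reply`, `reply_add_line`, `feed_long_reply` and `REPLY_MAX` are hypothetical, and the 4096-byte cap is an assumption taken from the 4 KB figure in the post.

```c
#include <string.h>

#define REPLY_MAX 4096  /* assumed cap, taken from the 4 KB figure in the post */

struct reply {           /* hypothetical type, not libESMTP's */
    char   text[REPLY_MAX];
    size_t len;          /* invariant: len < REPLY_MAX, text[len] == '\0' */
    int    code;
};

/* Add one reply line ("250-text" or "250 text", CRLF already stripped).
 * Returns 1 if more lines follow, 0 on the last line, -1 if the line is
 * malformed or the accumulated text would exceed the buffer. */
int reply_add_line(struct reply *r, const char *line, size_t n)
{
    if (n < 3 || (n > 3 && line[3] != '-' && line[3] != ' '))
        return -1;
    for (int i = 0; i < 3; i++)
        if (line[i] < '0' || line[i] > '9')
            return -1;
    size_t tlen = n > 4 ? n - 4 : 0;
    /* Bound check on the running total, not on the single line: need room
     * for text + '\n' + NUL. The subtraction cannot wrap because of the
     * invariant on len. */
    if (tlen + 2 > sizeof r->text - r->len)
        return -1;
    memcpy(r->text + r->len, line + (n > 4 ? 4 : n), tlen);
    r->len += tlen;
    r->text[r->len++] = '\n';
    r->text[r->len] = '\0';
    r->code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
    return n > 3 && line[3] == '-';
}

/* Constructed input: `count` continuation lines of n bytes each, every one
 * under 1024 bytes. Returns how many lines were accepted before rejection. */
int feed_long_reply(struct reply *r, size_t n, int count)
{
    char line[1024];
    if (n < 4 || n >= sizeof line)
        return -1;
    memset(line, 'A', n);
    memcpy(line, "250-", 4);
    r->len = 0; r->text[0] = '\0';
    for (int i = 0; i < count; i++)
        if (reply_add_line(r, line, n) < 0)
            return i;
    return count;
}
```

With eight constructed 1000-byte continuation lines, the fifth is rejected because the stored text would pass the cap, even though no single line is close to 1024 bytes.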


