spamdyke -- Buffer Overflow Vulnerabilities

ID 7D2336C2-4607-11E1-9F47-00E0815B8DA8
Type freebsd
Reporter FreeBSD
Modified 2012-01-15T00:00:00


Secunia reports:

Fixed a number of very serious errors in the usage of snprintf()/vsnprintf(). The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that could be printed if the buffer were of infinite size. Because the returned value could be larger than the buffer's size, this meant remotely exploitable buffer overflows were possible, depending on spamdyke's configuration.