Mail Notification Gmail URI Null Pointer Indirection

2004-10-06T05:33:36
ID OSVDB:10567
Type osvdb
Reporter OSVDB
Modified 2004-10-06T05:33:36

Description

Vulnerability Description

Mail Notification contains a flaw that may allow a remote denial of service. The issue is triggered when an unparsable URI is passed to the soup_context_get() function in the Gmail module causing soup_context_get() to return a null value which, with certain libsoup configurations, will lead to a null pointer indirection and will result in loss of availability for the service.

Solution Description

Upgrade to version 0.7.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Do not monitor a Gmail mailbox. If you want to ensure that the faulty code will not be used, reinstall Mail Notification using the following commands: $ ./configure --disable-gmail $ make $ make install

Short Description

Mail Notification contains a flaw that may allow a remote denial of service. The issue is triggered when an unparsable URI is passed to the soup_context_get() function in the Gmail module causing soup_context_get() to return a null value which, with certain libsoup configurations, will lead to a null pointer indirection and will result in loss of availability for the service.

References:

Vendor URL: http://www.nongnu.org/mailnotify/ Vendor Specific Advisory URL Related OSVDB ID: 10566 Other Advisory URL: http://freshmeat.net/projects/mail-notification/?branch_id=44120&release_id=174999 Bugtraq ID: 11349