Isoqlog-2.2-Beta buffer overflow

2004-05-26T00:00:00
ID SECURITYVULNS:DOC:6259
Type securityvulns
Reporter Securityvulns
Modified 2004-05-26T00:00:00

Description

+-----[ Software ]-----+

Isoqlog is an MTA log analysis program written in C. It is designed to scan qmail, postfix, sendmail and exim logfiles and produce usage statistics in HTML format for viewing through a browser. It produces Top Domains output according to incoming, outgoing and total mails and bytes, and it keeps your main domain mail statistics with Days Top Domain and Top Users values per day, per month and per year. (http://www.enderunix.org)

+-----[ Version ]-----+

Isoqlog version 2.2-BETA

+-----[ Vulnerable Code ]-----+

[Parser.c]

void readSendmailLogFile(char *fn)
{
        ...
        char buf[1024];
        ...
        while ((fgets(buf, 1024, fp)) != NULL) {
                if ((check_syslog_date(buf, strlen(buf))) > 0) {   <-- buflen (maximum 1024)
                ...
}

int check_syslog_date(char *buf, int buflen)
{
        unsigned char m[3] = {0};   <-- m (maximum 3)
        int day = 0, i = 0, j;

        for (i = 0; buf[i] != ' ' && buf[i] != '\n' && buf[i] != EOF && i < buflen; i++)   <-- Alert
                m[i] = buf[i];   <-- i (maximum 1024) m (maximum 3)
        /* You're busted */
        ...
}
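
Added example (not part of the original advisory and not Isoqlog's own code): one way to bound the month copy in check_syslog_date() so the index is limited by the destination size instead of the source line length. The helper name copy_month_token and both sample log lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MONTH_LEN 3

/* Hypothetical replacement for the month-copy loop in check_syslog_date().
 * Copies the first space-delimited token of a syslog line into `out`
 * (MONTH_LEN + 1 bytes, always NUL-terminated). Returns the token length,
 * or -1 if the token is empty or longer than a three-letter month name. */
static int copy_month_token(const char *buf, size_t buflen, char out[MONTH_LEN + 1])
{
    size_t i;
    memset(out, 0, MONTH_LEN + 1);
    /* Both bounds are tested before buf[i] is read, and the write index
     * can never exceed the destination size. */
    for (i = 0; i < buflen && i < MONTH_LEN; i++) {
        if (buf[i] == ' ' || buf[i] == '\n' || buf[i] == '\0')
            break;
        out[i] = buf[i];
    }
    if (i == 0)
        return -1;                              /* empty token */
    /* A fourth non-delimiter character means this is not a month name. */
    if (i == MONTH_LEN && i < buflen &&
        buf[i] != ' ' && buf[i] != '\n' && buf[i] != '\0')
        return -1;
    return (int)i;
}

/* Constructed sample input: a well-formed line. */
static int demo_good(void)
{
    const char *line = "May 26 00:00:01 host sendmail[123]: constructed sample\n";
    char m[MONTH_LEN + 1];
    return copy_month_token(line, strlen(line), m) == 3 && strcmp(m, "May") == 0;
}

/* Constructed sample input: a 1023-byte first token, as in the crash below. */
static int demo_long(void)
{
    char line[1024], m[MONTH_LEN + 1];
    memset(line, 'A', sizeof line - 1);
    line[sizeof line - 1] = '\0';
    return copy_month_token(line, strlen(line), m);  /* rejected, no overflow */
}

int main(void)
{
    printf("good=%d long=%d\n", demo_good(), demo_long());
    return 0;
}
```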

+-----[ Information ]-----+

This program is not suid by default.

+-----[ Conclusion ]-----+

Virulent@siyahsapka.org:/isoqlog-2.2-BETA/isoqlog# ./isoqlog -f isoqlog.conf
Year: 2004
Month: 5
outputdir:html/isoqlog
htmldir:htmltemp
logtype:sendmail
logstore:/var/mail/root
langfile:lang/english
maxsender:100
maxreceiver:100
maxtotal:100
maxbyte:100
hostname: virulent.siyahsapka.org
Domains www.siyahsapka.org
Segmentation fault (core dumped)

Virulent@siyahsapka.org:/isoqlog-2.2-BETA/isoqlog# gdb isoqlog core
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-slackware-linux"...
Core was generated by `./isoqlog -f isoqlog.conf'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x41414141 in ?? ()
(gdb) info reg
eax            0xffffffff       -1
ecx            0x8051963        134551907
edx            0x4100000a       1090519050
ebx            0x41414141       1094795585
esp            0xbffff500       0xbffff500
ebp            0x41414141       0x41414141
esi            0x41414141       1094795585
edi            0x41414141       1094795585
eip            0x41414141       0x41414141
eflags         0x206            518
cs             0x23             35
ss             0x2b             43
ds             0x2b             43
es             0x2b             43
fs             0x2b             43
gs             0x2b             43
fctrl          0x0              0
fstat          0x0              0
ftag           0x0              0
fiseg          0x0              0
fioff          0x0              0
foseg          0x0              0
fooff          0x0              0
fop            0x0              0
mxcsr          0x0              0
orig_eax       0xffffffff       -1

+-----[ Greetings ]-----+

coders, #linux @ irc.ttnet.net.tr

       deicide

+-----[ Shouts ]-----+

Murat Balaban, instead of writing security related papers start auditing your own projects!

n4rk071x - you STFU!

+-----[ Contact ]-----+

http://virulent.siyahsapka.org

virulent@siyahsapka.org

+----------------------+