securityvulns SECURITYVULNS:DOC:6259
May 26, 2004 - 12:00 a.m.

Isoqlog-2.2-Beta buffer overflow


+----[ Software ]-----+

Isoqlog is an MTA log analysis program written in C.
It is designed to scan qmail, postfix, sendmail and exim logfiles and produce
usage statistics in HTML format for viewing through a browser. It
produces Top Domains output according to incoming, outgoing and total
mails and bytes, and keeps your main domain mail statistics with Top
Domain and Top Users values per day, per month and per year.
(http://www.enderunix.org)

+----[ Version ]-----+

Isoqlog version 2.2-BETA

+----[ Vulnerable Code ]-----+

[Parser.c]

void readSendmailLogFile(char *fn)
{
        /* ... */
        char buf[1024];

        while ((fgets(buf, 1024, fp)) != NULL) {
                if ((check_syslog_date(buf, strlen(buf))) > 0) {  /* <-- buflen (maximum 1024) */
                        /* ... */
                }
        }
}

int check_syslog_date(char *buf, int buflen)
{
        unsigned char m[3] = {0};  /* <-- m (maximum 3) */
        int day = 0, i = 0, j;

        for (i = 0; buf[i] != ' ' && buf[i] != '\n' && buf[i] != EOF && i < buflen; i++)  /* <-- Alert */
                m[i] = buf[i];  /* <-- i (maximum 1024) m (maximum 3) */
        /* You're busted */
        /* ... */
}
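
The loop above can write up to buflen bytes into the three-byte m[]. A bounded version of that copy, as an added example that is not isoqlog's code or its fix: copy_first_token and syslog_month are hypothetical names, the sample line is constructed, and it assumes m[] holds the three-letter month abbreviation that starts a syslog line.

```c
#include <stddef.h>
#include <string.h>

#define MONTH_LEN 3  /* assumption: m[] holds the three-letter syslog month */

/* Hypothetical bounded replacement for the copy loop in check_syslog_date().
 * Copies the leading token of buf into out (capacity outlen, NUL included).
 * Returns the token length, or -1 if the token is empty or would not fit. */
static int copy_first_token(const char *buf, size_t buflen,
                            char *out, size_t outlen)
{
    size_t i = 0;

    if (buf == NULL || out == NULL || outlen == 0)
        return -1;
    /* Test the source bound before reading buf[i], and the destination
     * bound before every write; the original loop never bounds m[]. */
    while (i < buflen && buf[i] != ' ' && buf[i] != '\n' && buf[i] != '\0') {
        if (i + 1 >= outlen) {
            out[0] = '\0';
            return -1;          /* over-long token: reject the line */
        }
        out[i] = buf[i];
        i++;
    }
    out[i] = '\0';
    return i == 0 ? -1 : (int)i;
}

/* Returns 1..12 for a line starting with a month abbreviation, else -1. */
int syslog_month(const char *line, size_t len)
{
    static const char names[] = "JanFebMarAprMayJunJulAugSepOctNovDec";
    char m[MONTH_LEN + 1];
    int k;

    if (copy_first_token(line, len, m, sizeof m) != MONTH_LEN)
        return -1;
    for (k = 0; k < 12; k++)
        if (memcmp(m, names + k * MONTH_LEN, MONTH_LEN) == 0)
            return k + 1;
    return -1;
}

int main(void)
{
    const char line[] = "May 26 00:00:01 host sendmail[1]: sample\n"; /* constructed */
    return syslog_month(line, strlen(line)) == 5 ? 0 : 1;
}
```

A log line whose first token is longer than three characters is rejected before any byte past m[] is written, so the caller can skip it and continue.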

+----[ Information ]-----+

This program is not suid by default.

+----[ Conclusion ]-----+

[email protected]:/isoqlog-2.2-BETA/isoqlog# ./isoqlog -f isoqlog.conf
Year: 2004 Month: 5
outputdir:html/isoqlog
htmldir:htmltemp
logtype:sendmail
logstore:/var/mail/root
langfile:lang/english
maxsender:100
maxreceiver:100
maxtotal:100
maxbyte:100
hostname: virulent.siyahsapka.org
Domains www.siyahsapka.org
Segmentation fault (core dumped)

[email protected]:/isoqlog-2.2-BETA/isoqlog# gdb isoqlog core
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-slackware-linux"…
Core was generated by `./isoqlog -f isoqlog.conf'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.6…done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2…done.
Loaded symbols for /lib/ld-linux.so.2
#0 0x41414141 in ?? ()
(gdb) info reg
eax 0xffffffff -1
ecx 0x8051963 134551907
edx 0x4100000a 1090519050
ebx 0x41414141 1094795585
esp 0xbffff500 0xbffff500
ebp 0x41414141 0x41414141
esi 0x41414141 1094795585
edi 0x41414141 1094795585
eip 0x41414141 0x41414141
eflags 0x206 518
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x2b 43
gs 0x2b 43
fctrl 0x0 0
fstat 0x0 0
ftag 0x0 0
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x0 0
orig_eax 0xffffffff -1

+----[ Greetings ]-----+

#coders, #linux @ irc.ttnet.net.tr

       deicide

+----[ Shouts ]-----+

Murat Balaban, instead of writing security related papers start auditing
your own projects!

n4rk071x - you STFU!

+----[ Contact ]-----+

http://virulent.siyahsapka.org

[email protected]

+---------------------+