J-Security Center

Title: Smail-3 Multiple Remote and Local Vulnerabilities

Severity: CRITICAL

Description:

Smail-3 is a Mail Transport Agent (MTA). It is available for most UNIX-based platforms.

Smail-3 is reported prone to multiple vulnerabilities. These issues can allow a local or remote attacker to execute arbitrary code on a vulnerable computer. A successful attack may lead to a complete compromise.

The following specific issues were identified:

Smail-3 is vulnerable to a remote heap overflow vulnerability. This issue arises because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers. Specifically, the issue can be exploited through the 'MAIL FROM' command. The vulnerable code resides in the 'addr.c' file. An excessive value provided as the user-supplied source address can trigger an overflow condition leading to memory corruption. An attacker can leverage this vulnerability to execute arbitrary code with superuser privileges. Attack attempts may also trigger a denial of service condition.

It is reported that this heap overflow condition can be exploited reliably.
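
The boundary check whose absence is described above, as an added example that is not Smail's own code: a hypothetical `parse_mail_from` helper measures the reverse-path of a 'MAIL FROM' line and refuses anything over the 256-octet path limit of RFC 5321 (section 4.5.3.1.3) before it allocates or copies. The function name and the choice of that limit as the cutoff are assumptions of this example.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* RFC 5321 section 4.5.3.1.3: a reverse-path is at most 256 octets,
 * counting the enclosing angle brackets. */
#define MAX_PATH_OCTETS 256

/* Hypothetical helper (not taken from Smail's addr.c): extract the
 * reverse-path from "MAIL FROM:<addr>" into a freshly allocated buffer.
 * Returns NULL when the line is malformed or the path is over the limit,
 * so the caller can send a 5xx reply instead of copying the data. */
char *parse_mail_from(const char *line)
{
    static const char verb[] = "MAIL FROM:";
    const char *open, *close;
    size_t i, path_len, addr_len;
    char *addr;

    if (line == NULL)
        return NULL;
    /* Case-insensitive verb match; stops at the first mismatch, so a
     * short line is never read past its terminating NUL. */
    for (i = 0; i < sizeof(verb) - 1; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return NULL;
    open = line + sizeof(verb) - 1;
    while (*open == ' ')                    /* tolerate stray spaces */
        open++;
    if (*open != '<' || (close = strchr(open, '>')) == NULL)
        return NULL;

    path_len = (size_t)(close - open) + 1;  /* includes '<' and '>' */
    if (path_len > MAX_PATH_OCTETS)
        return NULL;                        /* reject before any copy */

    addr_len = path_len - 2;                /* drop the brackets */
    addr = malloc(addr_len + 1);            /* sized from measured input */
    if (addr == NULL)
        return NULL;
    memcpy(addr, open + 1, addr_len);
    addr[addr_len] = '\0';
    return addr;
}
```

The caller owns the returned buffer and must `free()` it; an empty reverse-path (`<>`), which SMTP uses for bounce messages, is returned as an empty string.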

The application is also prone to various potential vulnerabilities arising from insecure handling of heap memory by signal handlers. The vulnerable code resides in the 'modes.c' file. A local attacker may corrupt heap memory by supplying addresses through the command line or by interrupting calls to syslog(), malloc(), and free(), and thereby gain elevated privileges. These issues are not confirmed at the moment.

Smail-3 3.2.0.120 is affected by these issues. Other versions may be vulnerable.

This BID will be updated when more information becomes available.

Affected Products:

  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • Smail Smail-3 3.2.0 .0.114
  • Smail Smail-3 3.2.0 .0.120
