J-Security Center


Title: Perdition Vanessa_Logger Format String Vulnerability

Severity: CRITICAL

Description:

Perdition is a mail retrieval proxy that allows users to retrieve mail from an IMAP or POP3 server via an intermediary connection to another "content-free" IMAP or POP3 server. Perdition runs on Linux systems and has been ported to FreeBSD.

The vanessa_logger library ships as the logging facility for Perdition Mail Retrieval Proxy versions 0.1.6 and later. The vanessa_logger is part of the VAnessa libraries suite, a third-party project producing software-based solutions for availability and load-balancing issues.

A remotely exploitable format string vulnerability exists in the vanessa_logger library. It is caused by insufficient validation of externally supplied input, which is passed to syslogd via an unsafe syslog call. As a result, any logged information that contains format identifiers (such as '%p', '%s') has the potential to overwrite locations in memory (for example, stack variables).

It is possible for an attacker to remotely exploit this issue to overwrite almost arbitrary locations in memory, potentially resulting in the execution of attacker-supplied code.

Furthermore, Perdition is typically run as the root user, which means that successful exploitation may lead to remote root compromise of a host running the vulnerable software. It should be noted that Perdition does not need root privileges to perform its function. At the very least, successful exploitation of this issue may allow the attacker to gain local unprivileged access to the host.

Other software that uses the vulnerable vanessa_logger library will also be prone to this issue.
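
The class of flaw described above, as an added example (this is not Perdition or vanessa_logger source code): a logging wrapper that uses client-supplied text as the format string, next to the corrected form that passes it as data. The names render, log_unsafe, log_safe and syslog_safe are hypothetical, and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical printf-style logging wrapper (a stand-in, not the
 * vanessa_logger API). It renders into a buffer so the result is visible. */
static int render(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern: externally supplied text is used AS the format
 * string, so every '%' directive in it is interpreted by the formatter. */
int log_unsafe(char *out, size_t n, const char *untrusted)
{
    return render(out, n, untrusted);
}

/* Corrected pattern: constant format string, untrusted text is only data. */
int log_safe(char *out, size_t n, const char *untrusted)
{
    return render(out, n, "%s", untrusted);
}

/* The same correction at the syslog(3) boundary. */
void syslog_safe(int priority, const char *untrusted)
{
    syslog(priority, "%s", untrusted);
}

int main(void)
{
    /* Constructed sample. "%%" is a directive that consumes no argument,
     * so it shows the interpretation without touching memory. */
    const char *sample = "LOGIN user%%40example.com";
    char as_format[64], as_data[64];
    log_unsafe(as_format, sizeof as_format, sample);
    log_safe(as_data, sizeof as_data, sample);
    printf("as format: %s\nas data:   %s\n", as_format, as_data);
    return 0;
}
```

The two renderings differ only because the first call let the input act as a format string. Building with -Wformat -Wformat-security makes GCC and Clang flag direct printf/syslog calls whose format argument is not a string literal.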

Affected Products:

  • Perdition Perdition Mail Retrieval Proxy 0.1.6
  • Perdition Perdition Mail Retrieval Proxy 0.1.7
  • Perdition Perdition Mail Retrieval Proxy 0.1.8
  • Perdition Perdition Mail Retrieval Proxy 0.1.9
  • Vanessa vanessa_logger 0.0.1
