Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
sSMTP 2.62 Buffer Overflow
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
TheBunman
n00b
n00b


Joined: 05 May 2004
Posts: 28

PostPosted: Fri Dec 10, 2010 6:18 pm    Post subject: sSMTP 2.62 Buffer Overflow Reply with quote

Hi,

today I found this in my apache log:

Quote:

*** buffer overflow detected ***: /usr/sbin/sendmail terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f33d3e8f187]
/lib/libc.so.6(+0x101ed0)[0x7f33d3e8ced0]
/lib/libc.so.6(+0x100c65)[0x7f33d3e8bc65]
/usr/sbin/sendmail[0x403650]
/usr/sbin/sendmail[0x404b03]
/usr/sbin/sendmail[0x404f09]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f33d3da9ba6]
/usr/sbin/sendmail[0x401fb9]
======= Memory map: ========
00400000-00407000 r-xp 00000000 08:09 30187934 /usr/sbin/ssmtp
00606000-00607000 r--p 00006000 08:09 30187934 /usr/sbin/ssmtp
00607000-00608000 rw-p 00007000 08:09 30187934 /usr/sbin/ssmtp
00608000-00610000 rw-p 00608000 00:00 0
00727000-00748000 rw-p 00727000 00:00 0 [heap]
7f33d33ce000-7f33d33e4000 r-xp 00000000 08:09 60096515 /lib64/libgcc_s.so.1
7f33d33e4000-7f33d35e3000 ---p 00016000 08:09 60096515 /lib64/libgcc_s.so.1
7f33d35e3000-7f33d35e4000 r--p 00015000 08:09 60096515 /lib64/libgcc_s.so.1
7f33d35e4000-7f33d35e5000 rw-p 00016000 08:09 60096515 /lib64/libgcc_s.so.1
7f33d35e5000-7f33d35fa000 r-xp 00000000 08:09 30016157 /lib64/libz.so.1.2.3
7f33d35fa000-7f33d37f9000 ---p 00015000 08:09 30016157 /lib64/libz.so.1.2.3
7f33d37f9000-7f33d37fa000 r--p 00014000 08:09 30016157 /lib64/libz.so.1.2.3
7f33d37fa000-7f33d37fb000 rw-p 00015000 08:09 30016157 /lib64/libz.so.1.2.3
7f33d37fb000-7f33d37fd000 r-xp 00000000 08:09 78102578 /lib64/libdl-2.11.2.so
7f33d37fd000-7f33d39fd000 ---p 00002000 08:09 78102578 /lib64/libdl-2.11.2.so
7f33d39fd000-7f33d39fe000 r--p 00002000 08:09 78102578 /lib64/libdl-2.11.2.so
7f33d39fe000-7f33d39ff000 rw-p 00003000 08:09 78102578 /lib64/libdl-2.11.2.so
7f33d39ff000-7f33d3b61000 r-xp 00000000 08:09 78446619 /usr/lib64/libcrypto.so.0.9.8
7f33d3b61000-7f33d3d61000 ---p 00162000 08:09 78446619 /usr/lib64/libcrypto.so.0.9.8
7f33d3d61000-7f33d3d6f000 r--p 00162000 08:09 78446619 /usr/lib64/libcrypto.so.0.9.8
7f33d3d6f000-7f33d3d88000 rw-p 00170000 08:09 78446619 /usr/lib64/libcrypto.so.0.9.8
7f33d3d88000-7f33d3d8b000 rw-p 7f33d3d88000 00:00 0
7f33d3d8b000-7f33d3efa000 r-xp 00000000 08:09 78102571 /lib64/libc-2.11.2.so
7f33d3efa000-7f33d40fa000 ---p 0016f000 08:09 78102571 /lib64/libc-2.11.2.so
7f33d40fa000-7f33d40fe000 r--p 0016f000 08:09 78102571 /lib64/libc-2.11.2.so
7f33d40fe000-7f33d40ff000 rw-p 00173000 08:09 78102571 /lib64/libc-2.11.2.so
7f33d40ff000-7f33d4104000 rw-p 7f33d40ff000 00:00 0
7f33d4104000-7f33d4151000 r-xp 00000000 08:09 78446621 /usr/lib64/libssl.so.0.9.8
7f33d4151000-7f33d4350000 ---p 0004d000 08:09 78446621 /usr/lib64/libssl.so.0.9.8
7f33d4350000-7f33d4352000 r--p 0004c000 08:09 78446621 /usr/lib64/libssl.so.0.9.8
7f33d4352000-7f33d4358000 rw-p 0004e000 08:09 78446621 /usr/lib64/libssl.so.0.9.8
7f33d4358000-7f33d4378000 r-xp 00000000 08:09 78102566 /lib64/ld-2.11.2.so
7f33d4562000-7f33d4566000 rw-p 7f33d4562000 00:00 0
7f33d4575000-7f33d4577000 rw-p 7f33d4575000 00:00 0
7f33d4577000-7f33d4578000 r--p 0001f000 08:09 78102566 /lib64/ld-2.11.2.so
7f33d4578000-7f33d4579000 rw-p 00020000 08:09 78102566 /lib64/ld-2.11.2.so
7f33d4579000-7f33d457a000 rw-p 7f33d4579000 00:00 0
7fffd8301000-7fffd8316000 rw-p 7ffffffea000 00:00 0 [stack]
7fffd839b000-7fffd839c000 r-xp 7fffd839b000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]


I think that it is this problem: http://www.securityfocus.com/bid/41965

sSMTP is used on almost all my gentoo boxes in combination with PHP so this happens also when someone pastes the string from the bulletin into an contact form.
So now I am a bit concerned about the impact this can has on my system.
Also I read the bug concerning the line ending problem in 2.64.
So my questin is what should I do to have my systems sound and safe.


Best regards
TheBunman
_________________
how would you feel if you no longer feared your government
Back to top
View user's profile Send private message
TheBunman
n00b
n00b


Joined: 05 May 2004
Posts: 28

PostPosted: Sun Dec 12, 2010 12:56 am    Post subject: Reply with quote

Hi,

does really no one else here consider this buffer overflow as an problem?
There is no updated ebuild to an package containing an buffer overflow which could be used for an DOS and possibly for more. (There is already an updated sSMTP version aviable.) And an concerned sysadmin does not even get an response from anyone in the gentoo forums.

Maybe my question was unclear? Or did I misunderstand the security bulletin?

I would have written an ebuild for version 2.64 but I am not sure if the line ending problem (which is AFAIK also in 2.62) is an show stopper.
-> http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg789435.html

Any help would be much appreciated.

Best regards
TheBunman

EDIT: added link to 2.64 debian report
_________________
how would you feel if you no longer feared your government
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 16036

PostPosted: Sun Dec 12, 2010 4:28 am    Post subject: Reply with quote

It is a problem, but what do you want us to do about it? Fixing it probably requires a code patch. Though developers read the forums, most of the more active responders are not Gentoo developers, so we would have no access to commit a code fix even if we had the patch to implement it. Based on what you have shown, it is probably not allowing code execution due to -fstack-protector killing the process beforehand.
Back to top
View user's profile Send private message
TheBunman
n00b
n00b


Joined: 05 May 2004
Posts: 28

PostPosted: Sun Dec 12, 2010 6:20 pm    Post subject: Reply with quote

Hi Hu,

I didn't mean that you (ie the gentoo team) should write an patch. My intention was that I need to know how I should manage this problem.
Probably I'll set up postfix to do the job sSMTP does at the moment.

Thank you
TheBunman
_________________
how would you feel if you no longer feared your government
Back to top
View user's profile Send private message
Rider
Tux's lil' helper
Tux's lil' helper


Joined: 07 Jan 2003
Posts: 85
Location: Berne, Switzerland

PostPosted: Tue Dec 14, 2010 8:24 am    Post subject: Reply with quote

Hi

I have the same problem together with sieve/dovecot/ssmtp. As an alternative to ssmtp I'm using msmtp now.

Regards
Chris
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum