Home » Hacking News » libesmtp read_smtp_response() buffer overflow

libesmtp read_smtp_response() buffer overflow

by Mario Miri on April 9th, 2003 A buffer overflow attack is possible on libesmtp function read_smtp_response(). If user is connected to the attacker controlled SMTP server, the attacker could return specially crafted SMTP response which would result in buffer overflow and possible code execution.

Vulnerable:
GNOME Balsa 1.1.7
GNOME Balsa 1.2.4
GNOME Balsa 2.0.6
libesmtp 0.8.4
libesmtp 0.8.9
libesmtp 0.8.10
libesmtp 0.8.10p1

Solution:
Patches are available from the following location:
http://balsa.gnome.org/
http://www.stafford.uklinux.net/libesmtp/

Discovered by:
Reported in the product ChangeLog.

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Our online shop
Top sellers
New Items
Books
Software

Xatrix.org © Copyright 2001-2016, Xatrix Security . All Rights Reserved
Hacking into a victim of crime's phone is a sort of poetically elegant manifestation of a modus operandi the tabloids have. - Steve Coogan

Users login

JOIN XATRIX

libesmtp read_smtp_response() buffer overflow

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact