
libesmtp read_smtp_response() buffer overflow

by Mario Miri on April 9th, 2003

A buffer overflow is possible in the libesmtp function read_smtp_response(). If a user connects to an attacker-controlled SMTP server, the attacker can return a specially crafted SMTP response that overflows the buffer and may lead to code execution.


Vulnerable:
GNOME Balsa 1.1.7
GNOME Balsa 1.2.4
GNOME Balsa 2.0.6
libesmtp 0.8.4
libesmtp 0.8.9
libesmtp 0.8.10
libesmtp 0.8.10p1


Solution:
Patches are available from the following locations:
http://balsa.gnome.org/
http://www.stafford.uklinux.net/libesmtp/


Discovered by:
Reported in the product ChangeLog.
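
The advisory does not show the flawed code, so the following is an added C example, not libesmtp's own source: a reply accumulator that checks the remaining space before every copy, which is the check a fixed-size response buffer needs when the server controls both line length and line count. The names `smtp_reply`, `smtp_reply_append`, `lines_accepted_before_reject` and the 512-byte `REPLY_MAX` cap are assumptions made for this example.

```c
#include <ctype.h>
#include <string.h>

#define REPLY_MAX 512   /* assumed cap on accumulated reply text */

struct smtp_reply {
    int    code;              /* three-digit status; 0 before the first line */
    size_t len;               /* bytes used in text, excluding the NUL */
    char   text[REPLY_MAX];   /* always NUL-terminated */
};

/* Append one server line (CRLF already stripped).
 * Returns 1 if a continuation line follows, 0 if the reply is complete,
 * -1 if the line is malformed or would not fit (reply left unchanged). */
int smtp_reply_append(struct smtp_reply *r, const char *line)
{
    size_t n = strlen(line);
    if (n < 3 || !isdigit((unsigned char)line[0]) ||
        !isdigit((unsigned char)line[1]) || !isdigit((unsigned char)line[2]))
        return -1;
    int code = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
    char sep = line[3];                    /* '\0' when the line is just "NNN" */
    if ((sep != '\0' && sep != ' ' && sep != '-') || (r->code && r->code != code))
        return -1;
    const char *txt = sep ? line + 4 : line + 3;
    size_t tlen = strlen(txt);
    /* Room needed: text + '\n' + NUL. r->len < REPLY_MAX always holds,
     * so the subtraction cannot wrap. */
    if (tlen + 2 > sizeof r->text - r->len)
        return -1;
    memcpy(r->text + r->len, txt, tlen);
    r->len += tlen;
    r->text[r->len++] = '\n';
    r->text[r->len] = '\0';
    r->code = code;
    return sep == '-';
}

/* Constructed hostile input: endless "250-AAAA..." continuation lines.
 * Returns how many lines were accepted before the parser refused. */
int lines_accepted_before_reject(struct smtp_reply *r)
{
    char line[4 + 100 + 1] = "250-";
    memset(line + 4, 'A', 100);   /* final byte stays '\0' */
    int accepted = 0;
    while (smtp_reply_append(r, line) == 1)
        accepted++;
    return accepted;
}
```

A caller that gets -1 should drop the connection rather than keep reading, since the server has already shown it will not follow the protocol.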

