reopen 301428
thanks

I'm reopening this bug report because it consisted of two problems. The patch provided fixed the heap overflow, which has now been assigned CVE id CAN-2005-0892.

However, that leaves smail still vulnerable to CAN-2005-0893, described as "modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc."

Some details here: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111177045217717&w=2

No patch known at present. There also seems to be some confusion on bugtraq over whether we have a real security hole at all.

NOTE: The (upstream) smail maintainer claims both vulnerabilities to be not
NOTE: exploitable. The bug reporter has presented valid claims, though,
NOTE: but the smail maintainer blocks the reporter's mail domain on
NOTE: SMTP level, so there's some kind of communication problem :-)
NOTE: The patch applied by the maintainer addresses the heap overflow,
NOTE: but doesn't touch the sighandler issues. This deserves a second
NOTE: deeper analysis.

-- 
see shy jo