Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Jul 2010 10:46:14 +0200
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
CC: oss-security <>
Subject: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow

Hi Steve, vendors,

   Brendan Boerner reported:

a deficiency in the way ssmtp removed trailing '\n' sequence
by processing lines beginning with a leading dot. A local user,
could send a specially-crafted e-mail message via ssmtp send-only
sendmail emulator, leading to ssmtp executable denial of service (exit with:
ssmtp: standardise() -- Buffer overflow). Different vulnerability
than CVE-2008-3962.


Debian Linux distribution patch:

Public PoC (from
   [9] ( 0. Install & configure ssmtp, of course )
         1. (echo -n . ; for i in {1..2050} ; do echo -n $i ; done) | mail root

Couldn't find CVE-2008-XXXX ssmtp identifier for this

Steve, could you allocate one?

Thanks && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.