Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20210425010329.GA9898@hurricane.linuxnetz.de>
Date: Sun, 25 Apr 2021 03:03:29 +0200
From: Robert Scheck <robert@...oraproject.org>
To: Jan Engelhardt <jengelh@...i.de>
Cc: oss-security@...ts.openwall.com
Subject: Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access

On Fri, 02 Apr 2021, Jan Engelhardt wrote:
> Initial publication, no CVE number yet.
> 
> # Affected versions
> 
>   * kopano-core 11.0.1
>   * kopano-core 8.7.20
>   * it is believed this affects all other versions too,
>     including 10.0.7, 9.1.0, and zarafa 7.2.6.

The affected Zarafa versions are identically to CVE-2021-28994 (verified),
thus all versions since Zarafa 6.30.0 Beta 1 (SVN Rev. 13713) are affected.

Given the crash and error messages in old Zarafa versions look different
than in more recent Zarafa/Kopano versions, here is how it looked for me
when verifying the Zarafa version introducing the flaw:

Pid 1545 caught SIGABRT (6), out of memory or unhandled exception, traceback:
backtrace length: 18
0 0x7f6ef8f9a04f /lib64/libmapi.so.0(_Z23generic_sigsegv_handlerP8ECLoggerPKcS2_i+0x15f) [0x7f6ef8f9a04f]
1 0x7f6ef6b60630 /lib64/libpthread.so.0(+0xf630) [0x7f6ef6b60630]
2 0x7f6ef4cac3d7 /lib64/libc.so.6(gsignal+0x37) [0x7f6ef4cac3d7]
3 0x7f6ef4cadac8 /lib64/libc.so.6(abort+0x148) [0x7f6ef4cadac8]
4 0x7f6ef55bca95 /lib64/libstdc++.so.6(_ZN9__gnu_cxx27__verbose_terminate_handlerEv+0x165) [0x7f6ef55bca95]
5 0x7f6ef55baa06 /lib64/libstdc++.so.6(+0x5ea06) [0x7f6ef55baa06]
6 0x7f6ef55baa33 /lib64/libstdc++.so.6(+0x5ea33) [0x7f6ef55baa33]
7 0x7f6ef55bac53 /lib64/libstdc++.so.6(+0x5ec53) [0x7f6ef55bac53]
8 0x7f6ef560fb17 /lib64/libstdc++.so.6(_ZSt20__throw_out_of_rangePKc+0x77) [0x7f6ef560fb17]
9 0x42a999 /usr/bin/zarafa-ical(_ZN4Http13HrReadHeadersEv+0x529) [0x42a999]
10 0x415414 /usr/bin/zarafa-ical(_Z15HrHandleRequestP9ECChannel+0xd4) [0x415414]
11 0x4166f8 /usr/bin/zarafa-ical(_Z13HandlerClientPv+0x28) [0x4166f8]
12 0x444aee /usr/bin/zarafa-ical(_Z18unix_fork_functionPFPvS_ES_iPi+0x6e) [0x444aee]
13 0x414e73 /usr/bin/zarafa-ical(_Z20HrStartHandlerClientP9ECChannelbiPi+0xb3) [0x414e73]
14 0x41511b /usr/bin/zarafa-ical(_Z20HrProcessConnectionsii+0x22b) [0x41511b]
15 0x414003 /usr/bin/zarafa-ical(main+0x723) [0x414003]
16 0x7f6ef4c98555 /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f6ef4c98555]
17 0x414377 /usr/bin/zarafa-ical() [0x414377]


Kind regards

Robert Scheck

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.