
Bug 18444

Summary: Security problem in address parsing from untrusted sources, which includes DNS.
Product: Gentoo Linux
Reporter: Christian Birchinger (RETIRED) <joker>
Component: Current packages
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: critical
CC: n2uro
Priority: High
Version: 1.4_rc1
Hardware: All
OS: All
URL: http://msgs.securepoint.com/cgi-bin/get/bugtraq0303/351.html
Whiteboard:
Package list:
Runtime testing required: ---

Description Christian Birchinger (RETIRED) gentoo-dev 2003-03-29 15:00:23 UTC
8.12.9/8.12.9 2003/03/29
SECURITY: Fix a buffer overflow in address parsing due to
a char to int conversion problem which is potentially
remotely exploitable.  Problem found by Michal Zalewski.
Note: an MTA that is not patched might be vulnerable to
data that it receives from untrusted sources, which
includes DNS.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Christian Birchinger (RETIRED) gentoo-dev 2003-03-29 15:27:27 UTC
Bumping the ebuild version seems to work fine.
Comment 2 Martin Holzer (RETIRED) gentoo-dev 2003-03-29 20:24:17 UTC
*** Bug 18448 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Ahlberg (RETIRED) gentoo-dev 2003-03-30 10:17:50 UTC

*** This bug has been marked as a duplicate of 18474 ***