AOH :: HP Unsorted Q :: C07-2402.HTM

qwik-smtpd format string



qwik-smtpd format string
qwik-smtpd format string



Advisory          : H0tTurk-
Product           : qwik-smtpd (latest version).
Vendor : http://qwikmail.sourceforge.net/ 
Bug           : format string vulnerability
Vendor Status : Released Patch. http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch 

------------------------------------------------------------------------------------------------------------

It is an SMTP (mail) server that supports SMTP and ESMTP. Once finished,
it will be very secure, hopefully with the same reputation as qmail.
-------------------------------------------------

I found format string bug in Qwik-SMTP daemon.
See this:

File: qwik-smtpd.c

sprintf(Received,"Received: from %s (TURK %s) (%s) by %s with SMTP; %s\n", clientHost,
clientHelo, clientIP, localHost, timebuf);
...
          else
          {
            fprintf(fpout,Received);
....

As you can see, bug found in main() function. This type is REMOTE.
We don't want to release an exploit to avoid kids usage.

Spc Thx:
Drmaxvirus,Gencturk,İlkerkandemir,TiT,LuciferCihan,madconfig,tr-zindan,Theghost,SAWTURK,Ambassador,RidvanCihan,Crackers_Child,Kurtefendy,And Ayyildiz Vip TiM User,Soldiers

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.