AOH :: HP Unsorted Q :: C07-2402.HTM

qwik-smtpd format string
qwik-smtpd format string
qwik-smtpd format string

Advisory          : H0tTurk-
Product           : qwik-smtpd (latest version).
Vendor : 
Bug           : format string vulnerability
Vendor Status : Released Patch. 


It is an SMTP (mail) server that supports SMTP and ESMTP. Once finished,
it will be very secure, hopefully with the same reputation as qmail.

I found format string bug in Qwik-SMTP daemon.
See this:

File: qwik-smtpd.c

sprintf(Received,"Received: from %s (TURK %s) (%s) by %s with SMTP; %s\n", clientHost,
clientHelo, clientIP, localHost, timebuf);

As you can see, bug found in main() function. This type is REMOTE.
We don't want to release an exploit to avoid kids usage.

Spc Thx:
Drmaxvirus,Gencturk,İlkerkandemir,TiT,LuciferCihan,madconfig,tr-zindan,Theghost,SAWTURK,Ambassador,RidvanCihan,Crackers_Child,Kurtefendy,And Ayyildiz Vip TiM User,Soldiers

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to