Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2008-7258 buffer overflow

Related Vulnerabilities: CVE-2008-7258   CVE-2010-7258  

Source

Debian Bug report logs - #591515
CVE-2008-7258 buffer overflow

Package: ssmtp; Maintainer for ssmtp is Anibal Monsalve Salazar <anibal@debian.org>; Source for ssmtp is src:ssmtp (PTS, buildd, popcon).

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Tue, 3 Aug 2010 17:51:01 UTC

Severity: normal

Tags: unreproducible

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Tue, 03 Aug 2010 17:51:04 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Tue, 03 Aug 2010 17:51:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: ssmtp: CVE-2010-7258 buffer overflow
Date: Tue, 3 Aug 2010 13:47:15 -0400
package: ssmtp
version: 2.64-4
severity: serious
tags: security

a buffer overflow in ssmtp:
https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424

note that current code is slightly different than ubuntu, so its not
entirely clear whether debian is affected.  please check.

thanks,
mike

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Tue, 03 Aug 2010 18:00:05 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Tue, 03 Aug 2010 18:00:05 GMT) (full text, mbox, link).

Message #10 received at 591515@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 591515@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#591515: Acknowledgement (ssmtp: CVE-2010-7258 buffer overflow)
Date: Tue, 3 Aug 2010 13:56:22 -0400
retitle 591515 CVE-2008-7258 buffer overflow
thanks

Changed Bug title to 'CVE-2008-7258 buffer overflow' from 'ssmtp: CVE-2010-7258 buffer overflow' Request was from Michael Gilbert <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Tue, 03 Aug 2010 18:00:06 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#591515; Package ssmtp. (Mon, 09 Aug 2010 03:45:02 GMT) (full text, mbox, link).

Acknowledgement sent to Anibal Monsalve Salazar <anibal@debian.org>:
Extra info received and forwarded to list. (Mon, 09 Aug 2010 03:45:03 GMT) (full text, mbox, link).

Message #17 received at 591515@bugs.debian.org (full text, mbox, reply):

From: Anibal Monsalve Salazar <anibal@debian.org>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 591515@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@inutil.org>
Subject: Re: Bug#591515: ssmtp: CVE-2008-7258 buffer overflow
Date: Sun, 8 Aug 2010 23:40:38 -0400
On Tue, Aug 03, 2010 at 01:47:15PM -0400, Michael Gilbert wrote:
>package: ssmtp
>version: 2.64-4
>severity: serious
>tags: security
>
>a buffer overflow in ssmtp:
>https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424
>
>note that current code is slightly different than ubuntu, so its not
>entirely clear whether debian is affected.  please check.
>
>thanks,
>mike

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7258

CVE-2008-7258 at the address above seems empty.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7258

The web page above reads:

  ERROR, "CVE-2008-7258" is valid CVE format, but CVE was not found.

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Mon, 09 Aug 2010 15:15:06 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Mon, 09 Aug 2010 15:15:06 GMT) (full text, mbox, link).

Message #22 received at 591515@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 591515@bugs.debian.org
Cc: jmm@debian.org
Subject: Re: Bug#591515: ssmtp: CVE-2008-7258 buffer overflow
Date: Mon, 9 Aug 2010 11:10:46 -0400
On Sun, 8 Aug 2010 23:40:38 -0400, Anibal Monsalve Salazar wrote:
> On Tue, Aug 03, 2010 at 01:47:15PM -0400, Michael Gilbert wrote:
> >package: ssmtp
> >version: 2.64-4
> >severity: serious
> >tags: security
> >
> >a buffer overflow in ssmtp:
> >https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424
> >
> >note that current code is slightly different than ubuntu, so its not
> >entirely clear whether debian is affected.  please check.
> >
> >thanks,
> >mike
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7258
> 
> CVE-2008-7258 at the address above seems empty.
> 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7258
> 
> The web page above reads:
> 
>   ERROR, "CVE-2008-7258" is valid CVE format, but CVE was not found.

that means that the info hasn't yet been populated in their database.
it was assigned on oss-security, and sometimes it takes a many days to
enter the database after that.

mike

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#591515; Package ssmtp. (Tue, 10 Aug 2010 01:27:03 GMT) (full text, mbox, link).

Acknowledgement sent to Anibal Monsalve Salazar <anibal@debian.org>:
Extra info received and forwarded to list. (Tue, 10 Aug 2010 01:27:03 GMT) (full text, mbox, link).

Message #27 received at 591515@bugs.debian.org (full text, mbox, reply):

From: Anibal Monsalve Salazar <anibal@debian.org>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 591515@bugs.debian.org
Cc: jmm@debian.org
Subject: Re: Bug#591515: ssmtp: CVE-2008-7258 buffer overflow
Date: Mon, 9 Aug 2010 21:25:37 -0400
On Mon, Aug 09, 2010 at 11:10:46AM -0400, Michael Gilbert wrote:
>that means that the info hasn't yet been populated in their database.
>it was assigned on oss-security, and sometimes it takes a many days to
>enter the database after that.

Please don't forget we're talking about CVE-2008-7258. A CVE from the
year 2008.

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Tue, 10 Aug 2010 01:45:03 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Tue, 10 Aug 2010 01:45:03 GMT) (full text, mbox, link).

Message #32 received at 591515@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 591515@bugs.debian.org, jmm@debian.org
Subject: Re: Bug#591515: ssmtp: CVE-2008-7258 buffer overflow
Date: Mon, 9 Aug 2010 21:41:44 -0400
On Mon, 9 Aug 2010 21:25:37 -0400 Anibal Monsalve Salazar wrote:

> On Mon, Aug 09, 2010 at 11:10:46AM -0400, Michael Gilbert wrote:
> >that means that the info hasn't yet been populated in their database.
> >it was assigned on oss-security, and sometimes it takes a many days to
> >enter the database after that.
> 
> Please don't forget we're talking about CVE-2008-7258. A CVE from the
> year 2008.

yes it is a 2008 issue, but it was only assigned an id a couple days
ago. they make date assignments based on discovery year; rather than
issue year.

mike

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Sun, 22 Aug 2010 09:39:04 GMT) (full text, mbox, link).

Acknowledgement sent to Luca Bruno <lucab@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Sun, 22 Aug 2010 09:39:04 GMT) (full text, mbox, link).

Message #37 received at 591515@bugs.debian.org (full text, mbox, reply):

From: Luca Bruno <lucab@debian.org>
To: 591515@bugs.debian.org, control@bugs.debian.org
Cc: Michael Gilbert <michael.s.gilbert@gmail.com>
Subject: ssmtp: CVE-2008-7258 buffer overflow
Date: Sun, 22 Aug 2010 11:34:51 +0200
[Message part 1 (text/plain, inline)]
tag 591515 + unreproducible
thanks

Hi,
Ubuntu bug-report was filed against 2.62 and contains a PoC/testcase.
Current squeeze and sid contain latest 2.64, and the aforementioned
testcase doesn't fail.

Moreover, as it seems to be an off-by-one error, I think it was fixed
in later versions, as ssmtp.c now accounts for it:

1385         if(vsnprintf(buf, (BUF_SZ - 1), format, ap) == -1) {
1386                 die("smtp_write() -- vsnprintf() failed");
1387         }

I'm tagging as unreproducible, as Anibal would certainly have more
knowledge about this than me to close it.

Cheers, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.    | lucab (AT) debian.org
`. `'`  			| GPG Key ID: 3BFB9FB3
  `-     http://www.debian.org 	| Debian GNU/Linux Developer

[Message part 2 (application/pgp-signature, inline)]

Added tag(s) unreproducible. Request was from Luca Bruno <lucab@debian.org> to control@bugs.debian.org. (Sun, 22 Aug 2010 09:39:05 GMT) (full text, mbox, link).

Bug No longer marked as found in versions ssmtp/2.64-4. Request was from Aníbal Monsalve Salazar <anibal@debian.org> to control@bugs.debian.org. (Mon, 23 Aug 2010 06:15:06 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Sat, 04 Sep 2010 14:12:06 GMT) (full text, mbox, link).

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Sat, 04 Sep 2010 14:12:06 GMT) (full text, mbox, link).

Message #46 received at 591515@bugs.debian.org (full text, mbox, reply):

From: Julien Cristau <jcristau@debian.org>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 591515@bugs.debian.org
Subject: Re: Bug#591515: ssmtp: CVE-2010-7258 buffer overflow
Date: Sat, 4 Sep 2010 16:09:55 +0200
[Message part 1 (text/plain, inline)]
tag 591515 - security
severity 591515 normal
kthxbye

On Tue, Aug  3, 2010 at 13:47:15 -0400, Michael Gilbert wrote:

> package: ssmtp
> version: 2.64-4
> severity: serious
> tags: security
> 
> a buffer overflow in ssmtp:
> https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424
> 
> note that current code is slightly different than ubuntu, so its not
> entirely clear whether debian is affected.  please check.
> 
Quoting the CVE description:

** DISPUTED ** The standardise function in Anibal Monsalve Salazar sSMTP
2.61 and 2.62 allows local users to cause a denial of service
(application exit) via an e-mail message containing a long line that
begins with a . (dot) character. NOTE: CVE disputes this issue because
it is solely a usability problem for senders of messages with certain
long lines, and has no security impact.

Downgrading.

Cheers,
Julien

[signature.asc (application/pgp-signature, inline)]

Removed tag(s) security. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Sat, 04 Sep 2010 14:12:09 GMT) (full text, mbox, link).

Severity set to 'normal' from 'serious' Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Sat, 04 Sep 2010 14:12:10 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Tue, 18 Oct 2016 18:09:02 GMT) (full text, mbox, link).

Acknowledgement sent to "FedEx 2Day" <johnnie.curran@farahesab.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Tue, 18 Oct 2016 18:09:02 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Sun, 23 Oct 2016 02:06:02 GMT) (full text, mbox, link).

Acknowledgement sent to "FedEx 2Day" <sidney.barton@test.tbilision.com>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Sun, 23 Oct 2016 02:06:02 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Sun, 30 Oct 2016 14:12:07 GMT) (full text, mbox, link).

Acknowledgement sent to "FedEx International Ground" <max.harrington@raffiscateringandbanquet.com>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Sun, 30 Oct 2016 14:12:07 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Wed, 02 Nov 2016 08:30:03 GMT) (full text, mbox, link).

Acknowledgement sent to "FedEx Standard Overnight" <tricia.hozie@heartland.edu>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Wed, 02 Nov 2016 08:30:03 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Mon, 07 Nov 2016 00:39:03 GMT) (full text, mbox, link).

Acknowledgement sent to "FedEx Ground" <terry.kemp@genkiseika.com>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Mon, 07 Nov 2016 00:39:03 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Mon, 14 Nov 2016 04:33:03 GMT) (full text, mbox, link).

Acknowledgement sent to "FedEx SmartPost" <william.garcia@lacity.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Mon, 14 Nov 2016 04:33:03 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#591515; Package ssmtp. (Sun, 20 Nov 2016 04:12:02 GMT) (full text, mbox, link).

Acknowledgement sent to "FedEx International Ground" <jerry@agclandscapes.com>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Sun, 20 Nov 2016 04:12:03 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:54:13 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started