_ _____/_ ___ / | \_____ | __)_ / // ~ / | | \ ___ Y / | /_______ / ______ /___|_ /_______ /
/ / / /
.OR.ID
ECHO_ADV_42$2006
------------------------------------------------------------------------
---
[ECHO_ADV_42$2006] BufferOverflow in Eremove Client
------------------------------------------------------------------------
---
Author : Dedi Dwianto
Date : Aug, 01st 2006
Location : Indonesia, Jakarta
Web : http://advisories.echo.or.id/adv/adv42-theday-2006.txt
Exploitation : Local
Critical Lvl : High
------------------------------------------------------------------------
---
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Eremove
version : 1.4
URL : http://eremove.sourceforge.net/
Description :
Eremove is a simple application for linux, based on GTK, for logging into
a POP3 mail account, quickly seeing a summary of everything that is there
waiting for you, and previewing/deleteing some or all of those emails painlessly.
------------------------------------------------------------------------
---
Vulnerability:
~~~~~~~~~~~~~~~~
The function priview_create used by Eremove is affected by a buffer-overflow
vulnerability which happens when it tries to store the exceeding data
available in the input email in the message_body buffer of only 65534 bytes.
------------------gui.cpp-----------------------------
.....
gint preview_create (int message_num) {
...
GtkWidget *hbox;
GtkWidget *vscrollbar;
char *tmp_pntr;
char tmp_str[255];
char buf[65534];
char message_body[65534];
gint i;
...
}
if (!find_header_field("Date", buf, &date)) {
date = (char *) malloc(strlen("unspecified")*sizeof(char));
strcpy(date, "unspecified");
}
strcpy(message_body, buf);
...
----------------------------------------------------------
POC:
~~~~
Send EMail with Attachment more than 100 KB
and Openwith eremove.
Eremove will be crash.
------------------------------------------------------------------------
---
Shoutz:
~~~~~~~
~ y3dips,moby,comex,z3r0byt3,K-159,c-a-s-e,S`to,lirva32,anonymous
~ My Lovely Jessy
~ newbie_hacker (at) yahoogroups (dot) com [email concealed]
~ #aikmel #e-c-h-o @irc.dal.net
~ SUPPORT PALESTINE & LEBANON
------------------------------------------------------------------------
---
Contact:
~~~~~~~~
Dedi Dwianto || echo|staff || the_day[at]echo[dot]or[dot]id
Homepage: http://theday.echo.or.id/
-------------------------------- [ EOF ] ----------------------------------
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum