Re: [leafnode-list] Is leafnode vulnerable to buffer overflows ?
Malte Gell <malte_gell@xxxxxx> writes:
> Hello,
>
> I'm (still) using 1.9.25rel and just had a warning message that a
> message just received from the upstream server contained illegal
> headers, it seems this message was deleted by leafnode, it's not in
> /var/spool/news/... and so I can't tell the message-id, it came from
> de.comp.os.unix.apps.kde
>
> This event just lead me to the question, whether leafnode in general or
> version 1.9.25rel could ever be attacked by a message with badly
> malformed headers to execute remote commands?
I believe the risk is low.
I'm not aware of any in 1.9.30.devel4 and did not fix such bugs
recently; usually, leafnode will not work with static buffers without
checking the length; particularly, data read from the network or from
files is read into a dynamically allocated buffer.
OTOH, I did not write all of leafnode's code, and I may have missed a
problem, but I did use rats/flawfinder and made many changes to get rid
of fixed-size buffers.
Remember that there is no guarantee.
Even if a problem were found, and if this problem could actually be
exploited to mount a stack smashing attack, leafnode would only run as
user "news" to limit the impact of that.
Usually, "illegal headers" is a hint to a missing required header, a
posting which no server should have passed on in the first place. A
debug log (see README) of leafnode 1.9.29 or 1.9.30.devel4 would tell
you more.
--
Matthias Andree
leafnode-1 download: http://sourceforge.net/projects/leafnode/
leafnode-1 docs/new: http://mandree.home.pages.de/leafnode/
leafnode-2 homepage: http://mandree.home.pages.de/leafnode/beta/
--
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list
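The reply above makes two points a reader may want to see concretely: header lines coming off the network are read into a buffer that grows as needed rather than a fixed array, and "illegal headers" usually means a required header is missing. The following is an added illustration of both, not code from leafnode or from Matthias Andree. It reads a constructed in-memory article (standing in for the NNTP socket) line by line into a heap buffer that doubles when full, then checks the header block for the six headers RFC 1036 requires. The function names, the sample article and the example.invalid addresses are all assumptions made for the example.

```c
/* Added example (not leafnode's code): read an article's header block from a
 * byte stream into a heap buffer that grows as needed, then check for the
 * headers RFC 1036 requires.  The stream is a constructed in-memory article
 * standing in for the NNTP connection. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Byte source standing in for the network connection. */
struct src { const char *data; size_t len, pos; };

static int src_getc(struct src *s)
{
    return s->pos < s->len ? (unsigned char)s->data[s->pos++] : EOF;
}

/* Read one line (newline stripped) into a buffer that doubles whenever it
 * fills.  Returns a malloc'd string, or NULL at end of input.  A line of any
 * length fits; nothing is ever written past the allocation, which is the
 * property a fixed char line[N] plus an unchecked copy does not have. */
static char *read_line_dyn(struct src *s)
{
    size_t cap = 32, len = 0;
    char *buf = malloc(cap);
    int c;
    if (!buf) return NULL;
    while ((c = src_getc(s)) != EOF && c != '\n') {
        if (len + 1 >= cap) {                 /* keep room for the NUL */
            char *nbuf = realloc(buf, cap * 2);
            if (!nbuf) { free(buf); return NULL; }
            buf = nbuf; cap *= 2;
        }
        buf[len++] = (char)c;
    }
    if (c == EOF && len == 0) { free(buf); return NULL; }
    buf[len] = '\0';
    return buf;
}

/* Case-insensitive "Name:" prefix test for a header line. */
static int header_is(const char *line, const char *name)
{
    size_t i;
    for (i = 0; name[i]; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i])) return 0;
    return line[i] == ':';
}

/* Headers RFC 1036 section 2.1 lists as required. */
static const char *required[] = { "Path", "From", "Newsgroups", "Subject", "Message-ID", "Date" };
#define NREQ (sizeof required / sizeof required[0])

/* Scan headers up to the first empty line.  Returns the number of required
 * headers that are missing (0 = acceptable); *longest (may be NULL) receives
 * the longest header line seen, to show long lines are kept, not truncated. */
int check_required_headers(const char *article, size_t *longest)
{
    struct src s = { article, strlen(article), 0 };
    int seen[NREQ] = {0};
    size_t i, maxlen = 0;
    int missing = 0;
    char *line;
    while ((line = read_line_dyn(&s)) != NULL) {
        size_t n = strlen(line);
        if (n == 0) { free(line); break; }          /* blank line ends headers */
        if (n > maxlen) maxlen = n;
        if (!isspace((unsigned char)line[0]))       /* skip folded continuation */
            for (i = 0; i < NREQ; i++)
                if (header_is(line, required[i])) seen[i] = 1;
        free(line);
    }
    for (i = 0; i < NREQ; i++) if (!seen[i]) missing++;
    if (longest) *longest = maxlen;
    return missing;
}

/* Constructed article (not a real post) with a Subject of n characters;
 * with_msgid=0 drops the Message-ID so the required-header check fails. */
int check_synthetic(size_t n, int with_msgid, size_t *longest)
{
    const char *head = "Path: news.example.invalid!not-for-mail\nFrom: poster@example.invalid\n"
                       "Newsgroups: de.comp.os.unix.apps.kde\nDate: 1 Jan 2003 00:00:00 GMT\n";
    const char *mid  = with_msgid ? "Message-ID: <1@example.invalid>\n" : "";
    size_t hl = strlen(head), ml = strlen(mid), pl = strlen("Subject: ");
    char *art = malloc(hl + ml + pl + n + 8);     /* + "\n\nbody\n" and NUL */
    int r;
    if (!art) return -1;
    sprintf(art, "%s%sSubject: ", head, mid);
    memset(art + hl + ml + pl, 'A', n);
    strcpy(art + hl + ml + pl + n, "\n\nbody\n");
    r = check_required_headers(art, longest);
    free(art);
    return r;
}

/* Longest header line in the synthetic article with an n-character Subject. */
size_t synthetic_longest(size_t n)
{
    size_t longest = 0;
    check_synthetic(n, 1, &longest);
    return longest;
}

int main(void)
{
    printf("100000-char Subject: missing=%d longest=%zu\n",
           check_synthetic(100000, 1, NULL), synthetic_longest(100000));
    printf("no Message-ID:       missing=%d\n", check_synthetic(10, 0, NULL));
    return 0;
}
```

A 100000-character Subject line is merely a long line here, whereas a 256-byte stack array filled by an unchecked copy would be the stack-smashing case the question asks about. The second call shows the more common situation the reply describes: a post with a missing required header, which a server should reject rather than relay. Running the daemon as an unprivileged user such as "news" is the separate, defence-in-depth layer the reply mentions and is independent of the buffer handling shown.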