Buffer overflow in uw-mailtutils cause by extra-long passwords

Bug #384914 reported by Bjoern Voigt on 2009-06-08
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
uw-imap (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: uw-mailutils

If a user types-in an extra long password (>1024 characters) mailutil crashes with an buffer overflow:

$ mailutil check '{imap.example.com}INBOX'
{imap.example.com} password:
warning: LOGIN failed
*** buffer overflow detected ***: mailutil terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7da8da8]
/lib/tls/i686/cmov/libc.so.6[0xb7da6eb0]
/lib/tls/i686/cmov/libc.so.6[0xb7da65a8]
/lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0xc8)[0xb7d18bb8]
/lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0x3735)[0xb7cedf65]
/lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xa4)[0xb7da6654]
/lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0xb7da659d]
mailutil(mm_login+0x6d)[0x804a1dd]
/usr/lib/libc-client.so.2007b(imap_login+0xb6)[0xb7e81da6]
/usr/lib/libc-client.so.2007b(imap_open+0x106f)[0xb7e83d8f]
[0x6227584f]
======= Memory map: ========

Description: Ubuntu 9.04
Release: 9.04
Package: uw-mailutils 8:2007b~dfsg-1.1

Bjoern Voigt (bjoern) wrote :
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers