Bug 23964

Summary: CVE-2008-7258 (DoS)
Product: Sisyphus Reporter: Michael Shigorin <mike>
Component: ssmtp Assignee: Anton Farygin <rider>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: normal    
Priority: P3 CC: rider
Version: unstable   
Hardware: all   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=618132

Description Michael Shigorin 2010-08-26 14:01:13 MSD
A deficiency in the way ssmtp removed trailing '\n' sequence by processing lines beginning with a leading dot. A local user could send a specially-crafted e-mail message via ssmtp send-only sendmail emulator, leading to ssmtp executable denial of service (exit with: ssmtp: standardise() -- Buffer overflow). Different vulnerability than CVE-2008-3962.

http://cvs.fedoraproject.org/viewvc/rpms/ssmtp/devel/ssmtp-standardise.patch?view=log
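
An added example, not ssmtp's code or the linked Fedora patch: one way to do SMTP dot-stuffing over fixed-size reads so that a long line beginning with a dot is handled instead of aborting. The function `dot_stuff`, the tiny `CHUNK_SZ` and the sample messages are assumptions made for illustration; the page does not show the affected code.

```c
#include <stdio.h>
#include <string.h>

#define CHUNK_SZ 8  /* assumption: tiny stand-in for a fixed per-read buffer */

/* Dot-stuff `msg` into `out` (capacity `cap`), consuming it in fgets()-style
 * chunks. Returns bytes written, or -1 if `out` is too small.
 * The extra '.' goes to the output side, so the read buffer is never shifted
 * and a full chunk that starts with '.' is not an error condition. */
long dot_stuff(const char *msg, char *out, size_t cap)
{
    char chunk[CHUNK_SZ];
    size_t pos = 0, n = 0, len = strlen(msg);
    int line_start = 1;              /* next chunk begins a new line? */

    while (pos < len) {
        size_t k = 0;                /* emulate fgets(chunk, CHUNK_SZ, fp) */
        while (k < CHUNK_SZ - 1 && pos < len) {
            chunk[k++] = msg[pos++];
            if (chunk[k - 1] == '\n') break;
        }
        chunk[k] = '\0';

        /* Stuff only at a real line start, not at a continuation chunk. */
        if (line_start && chunk[0] == '.') {
            if (n + 1 > cap) return -1;
            out[n++] = '.';
        }
        int eol = (k > 0 && chunk[k - 1] == '\n');
        if (eol) chunk[--k] = '\0';  /* strip '\n', emit CRLF below */
        if (n + k + (eol ? 2 : 0) + 1 > cap) return -1;
        memcpy(out + n, chunk, k);
        n += k;
        if (eol) { out[n++] = '\r'; out[n++] = '\n'; }
        line_start = eol;
    }
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    char out[64];
    /* constructed sample: first line is longer than one chunk and starts with '.' */
    if (dot_stuff(".1234567890\n..\nab\n", out, sizeof out) >= 0)
        fputs(out, stdout);
    return 0;
}
```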
Comment 1 Michael Shigorin 2010-08-28 13:29:02 MSD
* Fri Aug 27 2010 Denis Smirnov <mithraen@altlinux> 2.62.2-alt10
- ALT #23964