FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

spamdyke -- Buffer Overflow Vulnerabilities

Affected packages
spamdyke < 4.3.0

Details

VuXML ID 7d2336c2-4607-11e1-9f47-00e0815b8da8
Discovery 2012-01-15
Entry 2012-01-23

Secunia reports:

Fixed a number of very serious errors in the usage of snprintf()/vsnprintf().

The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that *could* be printed if the buffer were of infinite size. Because the returned value could be larger than the buffer's size, this meant remotely exploitable buffer overflows were possible, depending on spamdyke's configuration.
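The return-value pitfall described in the quoted report, as an added C example (not spamdyke's code or its fix): `flawed_length` and `buf_appendf` are hypothetical names, and the 16-byte buffers and the 40-byte input are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern: the snprintf() return value is taken as the number of
 * bytes stored. Returned here only for inspection, never used as an index. */
int flawed_length(char *buf, size_t cap, const char *input)
{
    return snprintf(buf, cap, "X-Header: %s", input);
}

/* Hypothetical helper: append at offset *used and advance by what was really
 * stored. Returns 0 on success, 1 if output was truncated, -1 on error. */
int buf_appendf(char *buf, size_t cap, size_t *used, const char *fmt, ...)
{
    va_list ap;
    size_t room;
    int n;

    if (buf == NULL || used == NULL || cap == 0 || *used >= cap)
        return -1;
    room = cap - *used;                 /* bytes left, including the NUL */
    va_start(ap, fmt);
    n = vsnprintf(buf + *used, room, fmt, ap);
    va_end(ap);
    if (n < 0) {                        /* encoding error: keep buffer valid */
        buf[*used] = '\0';
        return -1;
    }
    if ((size_t)n >= room) {            /* n is the would-be length */
        *used = cap - 1;                /* only room - 1 bytes were stored */
        return 1;
    }
    *used += (size_t)n;
    return 0;
}

int main(void)
{
    char a[16], b[16];
    size_t used = 0;
    /* constructed input, 40 bytes */
    const char *input = "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";
    int claimed = flawed_length(a, sizeof a, input);
    int rc = buf_appendf(b, sizeof b, &used, "X-Header: %s", input);

    printf("flawed: claimed=%d stored=%zu\n", claimed, strlen(a));
    printf("checked: rc=%d used=%zu stored=%zu\n", rc, used, strlen(b));
    return 0;
}
```

Code that later indexes or copies with the claimed length reads or writes past the 16-byte buffer; the checked helper reports truncation and keeps the offset inside it.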

References

CVE Name CVE-2012-0802
URL http://www.spamdyke.org/documentation/Changelog.txt
URL https://secunia.com/advisories/47548/