TA-200205, Tin 1.6.2 - Insufficient Boundary Checking

Tripbit Security Advisory

TA-200205

Severity:	Medium/High
Application:	Tin 1.6.2 stable
Platform:	Windows
Class:	Insufficient Boundary Checking
Release Date:	February 20th, 2005
Vendor:	http://www.tin.org/

• Overview

The TIN newsreader is a threaded NNTP and spool based UseNet newsreader for a variety of platforms. It is designed to speed up the newsreading process by giving you more control over what you read. This is important given the ever increasing number of newsgroups that you may wish to monitor.

• Details

tin-1.6.2/src/auth.c

[...]
251: static int
252: do_authinfo_original(
253: char *server,
254: char *authuser,
255: char *authpass)
256: {
257:   char line[PATH_LEN];
258:   int ret;
259:
260:   sprintf(line, "AUTHINFO USER %s", authuser);
261: #ifdef DEBUG
[...]

tin-1.6.2/include/tin.h
[...]
889: #define PATH_LEN 256
[...]

• Recommendation

Use the latest "unstable" version > 1.7.0

• Disclaimer

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an 'AS IS' condition. There are 'NO' warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

• Additional information

This vulnerability has been found and researched by:

posidron posidron@tripbit.org
rushjo rushjo@tripbit.org

• Availability

You can find the latest version of this warning under the following URL:

http://www.tripbit.org/advisories/TA-200205.html