Clonnit Pro and Overflow; Oh, Oh
Dateline 08/10/98
"If solid happiness we prize,
Within our breast this jewel lies,
And they are fools who roam.
The world has nothing to bestow;
From our own selves our joys must flow,
And that dear hut, our home"
Nathaniel Cotton
The Fireside
Clonnit Pro Security Issues
A possibly serious security issue has been discovered by researchers; currently only the Clonnit Pro femail program is believed to be affected.
The problem lies in the way the program handles WORK attachments, especially those with excessively long body parts. The bug can cause a buffer overflow, leaving an undetermined remainder behind. In a secure environment, this may not cause immediate damage; the program may crash, however, which possible has harmful effects to other parts of your system.
Clonnit Pro has also been found to be inconsistent in its communication with other programs. It not yet clear if, and if so, how, this is connected to the buffer overflow issue. Since Clonnit Pro is so tightly integrated with the operating system (although the connections are hidden, obscure and obscured as to ensure no other program can exploit them) these inconsistencies may render the whole system instable.
The makers of Clonnit Pro say the buffer overflow is a "minor issue" that concerns mostly the processes internal to the program (and rightly do they say so!), but they're looking into it and will possibly make a patch available. Since there is currently no efficient alternative in sight for Clonnit Pro and the makers of the program say they haven't found any other bugs or inconsistencies we'll have to stick with it for the time being.
Clonnit Light is not affected at all; it's more popular anyways.
What Is a Buffer Overflow, Technically?
In the C programming language, strings are represented as a series of characters. To temporarily store a, presumably short, string such as the file name of an attachment, a buffer is used. That buffer has a predefined size, for example 255 characters for our file name.
As long as the sequence of characters stored in that buffer is shorter than the buffer everything is fine. But what happens if the file name exceeds the storage space available in the buffer and is 260 characters long? The first 255 fit nicely, but the 256th character is set to be written to memory area that has not been reserved for the buffer, may not even belong to the program and hold completely different, possibly crucial data. That can do no good; any reasonably advanced operating system will detect that a program is trying to access foreign memory areas, immediately kill it and report a 'segmentation fault'. There is still a chance, however, that some code, a virus maybe, was hidden in the excessively large string and somehow manages to get executed and do nasty things. Don't ask me how to do this; I wouldn't tell you anyways.
