Posadis / Poslib Win32 "-mthreads" vulnerability                18-10-03
------------------------------------------------

Introduction
------------

Windows versions of Posadis 0.60.x and Poslib 1.0.x suffer from a vulnerability, caused by bad compiler flags, that can make them crash at random.

Products affected
-----------------

 o Posadis 0.60.x for Windows, versions prior to 0.60.1-3
 o Poslib 1.0.x (Mingw) for Windows, versions prior to 1.0.1-3

NOT affected are Posadis and Poslib for Unix, Posadis 0.50.x and earlier, and Poslib for Borland C++.

Details
-------

Posadis is a multithreaded application for Windows built using the Mingw C++ compiler (www.mingw.org), a Win32 port of the popular GNU Compiler Collection. Since it uses C++ exceptions as well, it should be compiled using the "-mthreads" compiler flag. However, current versions of Posadis were not compiled using this flag. In certain circumstances this could cause Posadis to crash, for example during recursive lookups in which an error occurred (causing an exception to be thrown). Posadis and Poslib have now been fixed to use the "-mthreads" compiler flag.

It is not known whether this bug is remotely exploitable; however, it is likely that this bug can be used to cause a Denial of Service (DoS) of the Posadis server.

This bug was found thanks in large part to hardings, who helped me find test cases and test the fix. More information about this bug can be found in his bug report:

https://sourceforge.net/tracker/index.php?func=detail&aid=814387&group_id=24199&atid=380732

Fix
---

Fixed builds for Posadis 0.60.1 and Poslib 1.0.1 have been released, and can be downloaded from

http://www.posadis.org/download.php

Posadis 0.60.1-3 can be installed over prior 0.60.1 versions without problems. Posadis 0.60.1-3 and Poslib 1.0.1-3 are incremental fixes in that they also contain fixes for Posadis security advisory 004.

Additionally, Posadis 0.60.1-3 contains some carefully selected patches that fix some bugs in the Posadis lookup process. These fixes are also available in the release-0_60_1-patches branch of the Posadis CVS tree. The fixes for Poslib have been committed in the MAIN branch.

More information
----------------

For more information, you can send an e-mail to Meilof Veeningen: meilof@users.sourceforge.net
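
Added example (not part of the original advisory or the Posadis build system): a build-log audit for the flag problem described under Details. GCC documents that code relying on thread-safe exception handling on MinGW must be both compiled and linked with "-mthreads", so the check covers both kinds of invocation. It assumes the build echoes each compiler command on one line; the log and file names are constructed.

```shell
#!/bin/sh
# Audit a build log for MinGW gcc/g++ invocations that lack -mthreads.
# Assumption: each compiler command is echoed on a single line (make's default).

# Constructed sample log, not taken from the Posadis build.
SAMPLE_LOG='g++ -mthreads -O2 -c resolver.cpp -o resolver.o
g++ -O2 -c lookup.cpp -o lookup.o
mingw32-g++ -mthreads -c server.cpp -o server.o
ar rcs libexample.a resolver.o lookup.o
g++ -o example.exe server.o libexample.a -lwsock32'

# Reads a build log on stdin. Prints "<line>:<compile|link>:<command>" for
# every gcc/g++ invocation without -mthreads. Exit status 1 if any is found.
audit_mthreads() {
    awk '
    {
        cmd = $1
        sub(/^.*\//, "", cmd)      # drop a leading directory
        sub(/\.exe$/, "", cmd)     # drop a Windows suffix
        # Accept plain and target-prefixed driver names (e.g. mingw32-g++).
        if (!(cmd == "gcc" || cmd == "g++" ||
              cmd ~ /-gcc$/ || cmd ~ /-g[+][+]$/)) next
        has = 0
        kind = "link"              # no -c means the driver also links
        for (i = 2; i <= NF; i++) {
            if ($i == "-mthreads") has = 1
            if ($i == "-c") kind = "compile"
        }
        if (!has) { printf "%d:%s:%s\n", NR, kind, $0; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }'
}

# Stand-alone run over the constructed log.
printf '%s\n' "$SAMPLE_LOG" | audit_mthreads ||
    echo "build log contains compiler invocations without -mthreads"
```

A link step without the flag is reported even when every object file was compiled correctly, since the flag is needed at both stages.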