source-git / bogofilter

Clone
Source Code
GIT

Files

c8 c8s master
  1.   c8s
  2.   doc
  3.   bogofilter-SA-2004-01
Blob Blame History Raw 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

bogofilter-SA-2004-01 rfc2047crash

Topic:		vulnerability in bogofilter/bogolexer

Announcement:	bogofilter-SA-2004-01
Writer:		Matthias Andree
Version:	1.01
CVE id:		CVE-2004-1007
Announced:	2004-10-30
Category:	vulnerability
Type:		segmentation fault through malformed input
Impact:		denial of service
Credits:	Antti-Juhani Kaijanaho, Clint Adams, David Relson
Danger:		medium
URL:		http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01

Affected:	bogofilter (stable)  0.92.6, 0.92.4, 0.92.0, 0.17.5
		bogofilter (current) 0.17.4 to 0.92.7 (inclusive)

Not affected:	bogofilter 0.17.3 and older
		bogofilter 0.92.8 and newer

Introduced:	2004-03-20 21:46:39 UTC (CVS)
		2004-03-20 22:20    bogofilter 0.17.4 released as current
		2004-04-02 01:00    bogofilter 0.17.5 released as stable

Corrected:	2004-10-08 23:50:04 UTC (CVS) - committed corrected version
		2004-10-25          bogofilter 0.92.8 released as stable
		2004-10-26          recognized bug as a vulnerability

References:	Debian Bug #275373
		FreeBSD VuXML ID f4428842-a583-4a4c-89b7-297c3459a1c3
		FreeBSD Problem Report #73144

0. Release history

2004-10-28	0.01 initial draft for internal review
2004-10-30	0.02 minor revision, added URL
2004-10-30	1.00 minor revision by David Relson, published.
2004-11-03	1.01 Added CVE candidate number.

1. Background

Bogofilter is a software package to classify a mail as spam or
non-spam.  It uses a data base to store words and must be trained
which mail are spam and non-spam. It uses the probabilities of
individual words for classifying the message.

Bogofilter understands enough of MIME to decode headers and only
consider text parts of mail.

2. Problem description

Antti-Juhani Kaijanaho provided Debian with a test case that crashed
bogofilter 0.92.7. The problem was examined and tracked down to a change
in bogofilter's quoted-printable decoder that went into 0.17.4.

The pertinent change allowed the quoted-printable decoder to accept LF
in encoded words but replaced it by a NUL character, which the calling
function inside bogofilter could not handle. It attempted to write a NUL
byte either one byte past the end of a buffer provided by the lexical
analyzer or to an address that was the negative of the address of the
first byte of the "encoded text" part of the encoded word that was
supposed to be decoded.

It was decided to announce this as a vulnerability because bogofilter
cannot process the pertinent message.

3. Impact

This vulnerability causes bogofilter to catch a "segmentation violation"
signal, which causes an immediate program abort.

The exact impact depends on the way bogofilter is integrated into the
system. In common setups, the mail that contains such malformed headers
is deferred by the mail delivery agent and remains in the queue, where
it will eventually bounce back to the sender.

4. Workaround

No reasonable workaround is known at this time.

5. Solution

Upgrade your bogofilter to version 0.92.8.

bogofilter 0.92.8 is available from sourceforge:

http://sourceforge.net/project/showfiles.php?group_id=62265&package_id=59357&release_id=277823

Note that a broken-out bugfix patch is not available at this time,
because the reversion of the failure-inducing change is not a complete
fix. Besides, bogofilter is under development and support is limited to
the latest available "current" plus the latest available "stable"
versions.

A. License

(C) Copyright 2004 by Matthias Andree. Some rights reserved.

This work is dual-licensed under the
Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0),
and the GNU General Public License, v3, or later.

To view a copy of the Creative Commons Attribution-NoDerivs 3.0
Germany license, visit
http://creativecommons.org/licenses/by-nd/3.0/de/deed.en or send a
letter to:

Creative Commons
444 Castro Street
Suite 900
MOUNTAIN VIEW, CALIFORNIA 94041
USA


This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or (at
your option) any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program, in the file ../gpl-3.0.txt.
If not, see <http://www.gnu.org/licenses/>.


THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.

END of bogofilter-SA-2004-01 rfc2047crash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlHYI0gACgkQvmGDOQUufZXwkACg/BWfRDMAS3U4eEa9fzVcJw8L
VHQAoLNOOg0cOL1jix72jU+lfvIv0mxl
=0Kl8
-----END PGP SIGNATURE-----

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation