Sven Mueller
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: Bug#332259: spampd fails with ''Error in process_request'': Modification of read-only variable in Syslog.pm
Package spampd Tags 332259 +security Severity 332259 critical Thanks Richard Wohlstadter wrote on 05/10/2005 16:56: I will look into this issue as soon as possible, but due to some technical difficulties, I might not get a chance to actually do so until Tue, Oct. 18th 05. I see this issue as a security issue (Denial of service), but if I don''t get to dig into the issue tomorrow, it is likely that I''m cut off from the net until Tuesday after next. Regards, Sven CC''ed the security and testing-security teams on this. Will try to give feedback on wether or not I will be able to fix this in time tomorrow.> Package: spampd > Version: 2.20-9 > > When processing an email with the following message id: > > Message-ID: <BF68565C.761C%mneff@biology2.wustl.edu> > > spampd would fail to process throwing the following error: > > Oct 4 16:38:29 linuscs32 spampd[30364]: WARNING!! Error in > process_request eval block: Modification of a read-only value attempted > at /usr/lib/perl/5.8/Sys/Syslog.pm line 312, <_GEN_18> line 67 > > I removed the %(percent) sign from the message id and it worked so I > assume having a % in the message id is causing the problem. Possibly an > issue with syslog.pm using printf and misinterpreting the %?? > > I am on Debian Sarge, vanilla kernel 2.6.10 and libc6 2.3.2.ds1-22 > > Rich Wohlstadter > GSC, Washington U. of St. Louis >