Moritz Muehlenhoff
2010-Jul-04 19:50 UTC
[Secure-testing-team] Bug#588090: heap corruption overrun in bogofilter/bogolexer
Package: bogofilter Severity: grave Tags: security The following security issue was found in bogofilter: bogofilter-SA-2010-01 Topic: heap corruption overrun in bogofilter/bogolexer Announcement: bogofilter-SA-2010-01 Writer: Matthias Andree Version: 0.1 CVE ID: Announced: Category: vulnerability Type: array index underflow/out of bounds write through invalid input Impact: heap corruption, application crash Credits: Julius Plenz Danger: medium URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01 Affected: bogofilter <= 1.2.1 SVN before 2010-07-03 08:40 UTC Not affected: bogofilter 1.2.2 (to be released) 1. Background ============ Bogofilter is a software package for classifying a message as spam or non-spam. It uses a data base to store words and must be trained which messages are spam and non-spam. It uses the probabilities of individual words for classifying the message. Note that the bogofilter project is issuing security announcements only for current "stable" releases, and not necessarily for past "stable" releases. 2. Problem description ===================== Bogofilter''s/bogolexer''s base64 could overwrite memory before its heap buffer if the base64 input started with an equals sign, such as through misdeclaration of quoted-printable as base64. 3. Impact ======== Vulnerable bogofilter and bogolexer applications can corrupt their heap and crash. The consequences are dependent on the local configuration, memory layout and operating system features. 4. Solution ========== Upgrade your bogofilter to version 1.2.2 (or a newer release). bogofilter is available from SourceForge: <https://sourceforge.net/project/showfiles.php?group_id=62265> A. Copyright, License and Warranty ================================= (C) Copyright 2010 by Matthias Andree, <matthias.andree at gmx.de>. Some rights reserved. This work is licenced under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California 94105, USA. THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. END of bogofilter-SA-2010-01 -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, ''unstable'') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages bogofilter depends on: pn bogofilter-bdb <none> (no description available) bogofilter recommends no packages. bogofilter suggests no packages.