The following security advisory is sent to the securiteam mailing list, and can
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
bogofilter/bogolexer Malformed Input DoS
------------------------------------------------------------------------
SUMMARY
Bogofilter is "a software package to classify a mail as SPAM or non-SPAM.
It uses a data base to store words and must be trained which mail are SPAM
and non-SPAM. It uses the probabilities of individual words for
classifying the message".
Antti-Juhani Kaijanaho provided Debian with a test case that crashed
bogofilter 0.92.7. The problem was examined and tracked down to a change
in bogofilter's quoted-printable decoder that went into 0.17.4.
DETAILS
Vulnerable Systems:
* bogofilter/bogolexer version 0.92.7 and prior
Immune Systems:
* bogofilter/bogolexer version 0.92.8 and newer
* bogofilter version 0.17.3 and older
The pertinent change allowed the quoted-printable decoder to accept LF in
encoded words but replaced it by a NUL character, which the calling
function inside bogofilter could not handle. It attempted to write a NUL
byte either one byte past the end of a buffer provided by the lexical
analyzer or to an address that was the negative of the address of the
first byte of the "encoded text" part of the encoded word that was
supposed to be decoded.
It was decided to announce this as a vulnerability because bogofilter
cannot process the pertinent message.
Impact:
This vulnerability causes bogofilter to catch a "segmentation violation"
signal, which causes an immediate program abort.
The exact impact depends on the way bogofilter is integrated into the
system. In common setups, the mail that contains such malformed headers is
deferred by the mail delivery agent and remains in the queue, where it
will eventually bounce back to the sender.
Solution:
Upgrade your bogofilter to version 0.92.8.
bogofilter 0.92.8 is available from sourceforge:
<http://sourceforge.net/project/showfiles.php?group_id=62265&package_id=59357&release_id=277823>
http://sourceforge.net/project/showfiles.php?group_id=62265&package_id=59357&release_id=277823
Note that a broken-out bugfix patch is not available at this time, because
the reversion of the failure-inducing change is not a complete fix.
Besides, bogofilter is under development and support is limited to the
latest available "current" plus the latest available "stable" versions.
ADDITIONAL INFORMATION
The information has been provided by Antti-Juhani Kaijanaho, Clint Adams,
David Relson.
The original article can be found at:
<http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01>
http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any
kind.
In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages.
