Bug 142490

Summary: VUL-0: bogofilter heap overflow
Product: [openSUSE] SUSE LINUX 10.0
Reporter: Ludwig Nussel <lnussel>
Component: Security
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: security-team
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: CVE-2005-4592: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: Patch for version 0.96.2

Description Ludwig Nussel 2006-01-11 08:24:46 UTC
The issue is public.

   Name CVE-2005-4591 (under review)
   Status Candidate
   Description Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2,
   0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using
   Unicode databases, allows remote attackers to cause a denial of service
   (crash) and possibly execute arbitrary code via "invalid input sequences"
   that lead to heap corruption when bogofilter or bogolexer converts character
   sets.
   References
     * CONFIRM:http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01
     * BID:16171
     * URL:http://www.securityfocus.com/bid/16171
     * FRSIRT:ADV-2006-0100
     * URL:http://www.frsirt.com/english/advisories/2006/0100
     * SECUNIA:18352
     * URL:http://secunia.com/advisories/18352
Comment 1 Ludwig Nussel 2006-01-11 08:25:58 UTC
   Name CVE-2005-4592 (under review)
   Status Candidate
   Description Heap-based buffer overflow in bogofilter and bogolexer 0.96.2
   allows remote attackers to cause a denial of service (crash) and possibly
   execute arbitrary code via words that are longer than the input buffer used
   by flex.
   References
     * CONFIRM:http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-02
     * BID:16171
     * URL:http://www.securityfocus.com/bid/16171
     * FRSIRT:ADV-2006-0100
     * URL:http://www.frsirt.com/english/advisories/2006/0100
     * SECUNIA:18352
     * URL:http://secunia.com/advisories/18352
Comment 2 Lars Müller 2006-01-23 14:39:45 UTC
http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01 and http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-02 suggest upgrading to 1.0.1.

Andreas: Is this ok for all our products?  No other package depends on bogofilter.
Comment 3 Lars Müller 2006-01-23 14:47:42 UTC
Fixed package provided to the CODE 10 tree.
Comment 4 Lars Müller 2006-01-23 14:55:03 UTC
1.0.1 builds fine for 9.1, 9.2, 9.3, and 10.0.
Comment 5 Andreas Jaeger 2006-01-23 14:57:56 UTC
I'd like to see a patch for this.
Comment 6 Lars Müller 2006-01-23 15:18:25 UTC
Created attachment 64518
Patch for version 0.96.2
Comment 7 Lars Müller 2006-01-23 15:25:22 UTC
SL    bogofilter  vulnerable  CVE-2005-4591  CVE-2005-4592
 9.1  0.16.4                  no             no
 9.2  0.92.8                  no             no
 9.3  0.94.12                 yes            no
10.0  0.95.2                  yes            no

=> we only have to care about 9.3 and 10.0
Comment 8 Lars Müller 2006-01-23 15:30:08 UTC
Andreas: I've added the requested patch with comment #6.  The patch has to be backported for both affected SL products.

Backport or version update?
Comment 9 Andreas Jaeger 2006-01-23 15:31:42 UTC
Backport
Comment 10 Lars Müller 2006-01-23 15:39:34 UTC
Then I hand it over to Ludwig as I don't have the time.
Comment 11 Ludwig Nussel 2006-01-25 13:21:57 UTC
Maintenance-Tracker-3410
Comment 12 Ludwig Nussel 2006-01-30 15:06:54 UTC
updates released
Comment 13 Thomas Biege 2009-10-13 20:47:17 UTC
CVE-2005-4592: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)