Bug 142490 - VUL-0: bogofilter heap overflow
Summary: VUL-0: bogofilter heap overflow
Status: RESOLVED FIXED
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: Security
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: E-mail List
URL:
Whiteboard: CVE-2005-4592: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-11 08:24 UTC by Ludwig Nussel
Modified: 2009-10-13 20:47 UTC

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Patch for version 0.96.2 (16.34 KB, patch)
2006-01-23 15:18 UTC, Lars Müller

Description Ludwig Nussel 2006-01-11 08:24:46 UTC
The issue is public.

   Name CVE-2005-4591 (under review)
   Status Candidate
   Description Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2,
   0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using
   Unicode databases, allows remote attackers to cause a denial of service
   (crash) and possibly execute arbitrary code via "invalid input sequences"
   that lead to heap corruption when bogofilter or bogolexer converts character
   sets.
   References
     * CONFIRM:http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01
     * BID:16171
     * URL:http://www.securityfocus.com/bid/16171
     * FRSIRT:ADV-2006-0100
     * URL:http://www.frsirt.com/english/advisories/2006/0100
     * SECUNIA:18352
     * URL:http://secunia.com/advisories/18352
Comment 1 Ludwig Nussel 2006-01-11 08:25:58 UTC
   Name CVE-2005-4592 (under review)
   Status Candidate
   Description Heap-based buffer overflow in bogofilter and bogolexer 0.96.2
   allows remote attackers to cause a denial of service (crash) and possibly
   execute arbitrary code via words that are longer than the input buffer used
   by flex.
   References
     * CONFIRM:http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-02
     * BID:16171
     * URL:http://www.securityfocus.com/bid/16171
     * FRSIRT:ADV-2006-0100
     * URL:http://www.frsirt.com/english/advisories/2006/0100
     * SECUNIA:18352
     * URL:http://secunia.com/advisories/18352
Comment 2 Lars Müller 2006-01-23 14:39:45 UTC
http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01 and http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-02 suggest upgrading to 1.0.1.

Andreas: Is this ok for all our products?  No other package depends on bogofilter.
Comment 3 Lars Müller 2006-01-23 14:47:42 UTC
Fixed package provided to the CODE 10 tree.
Comment 4 Lars Müller 2006-01-23 14:55:03 UTC
1.0.1 builds fine for 9.1, 9.2, 9.3, and 10.0.
Comment 5 Andreas Jaeger 2006-01-23 14:57:56 UTC
I'd like to see a patch for this.
Comment 6 Lars Müller 2006-01-23 15:18:25 UTC
Created attachment 64518
Patch for version 0.96.2
Comment 7 Lars Müller 2006-01-23 15:25:22 UTC
SL    bogofilter  vulnerable  CVE-2005-4591  CVE-2005-4592
 9.1  0.16.4                  no             no
 9.2  0.92.8                  no             no
 9.3  0.94.12                 yes            no
10.0  0.95.2                  yes            no

=> we only have to care about 9.3 and 10.0
Comment 8 Lars Müller 2006-01-23 15:30:08 UTC
Andreas: I've added the requested patch with comment #6.  The patch has to be backported for both affected SL products.

Backport or version update?
Comment 9 Andreas Jaeger 2006-01-23 15:31:42 UTC
Backport
Comment 10 Lars Müller 2006-01-23 15:39:34 UTC
Then I hand it over to Ludwig as I don't have the time.
Comment 11 Ludwig Nussel 2006-01-25 13:21:57 UTC
Maintenance-Tracker-3410
Comment 12 Ludwig Nussel 2006-01-30 15:06:54 UTC
updates released
Comment 13 Thomas Biege 2009-10-13 20:47:17 UTC
CVE-2005-4592: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)