Bug 619847 - VUL-0: heap corruption overrun in bogofilter/bogolexer
VUL-0: heap corruption overrun in bogofilter/bogolexer
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Security Team bot
E-mail List
maint:released:11.0:34368 maint:relea...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-05 08:39 UTC by Sebastian Krahmer
Modified: 2010-12-02 15:04 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2010-07-05 08:39:31 UTC
this is public:


bogofilter-SA-2010-01

Topic:          heap corruption overrun in bogofilter/bogolexer

Announcement:   bogofilter-SA-2010-01
Writer:         Matthias Andree
Version:        0.1
CVE ID:
Announced:
Category:       vulnerability
Type:           array index underflow/out of bounds write through invalid input
Impact:         heap corruption, application crash
Credits:        Julius Plenz
Danger:         medium
URL:            http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01

Affected:       bogofilter <= 1.2.1
                SVN before 2010-07-03 08:40 UTC

Not affected:   bogofilter 1.2.2            (to be released)

1. Background
=============

Bogofilter is a software package for classifying a message as spam or
non-spam.  It uses a data base to store words and must be trained
which messages are spam and non-spam. It uses the probabilities of
individual words for classifying the message.

Note that the bogofilter project is issuing security announcements only
for current "stable" releases, and not necessarily for past "stable"
releases.

2. Problem description
======================

Bogofilter's/bogolexer's base64 could overwrite memory before its heap
buffer if the base64 input started with an equals sign, such as through
misdeclaration of quoted-printable as base64.

3. Impact
=========

Vulnerable bogofilter and bogolexer applications can corrupt their heap and
crash. The consequences are dependent on the local configuration, memory
layout and operating system features.

4. Solution
===========

Upgrade your bogofilter to version 1.2.2 (or a newer release).

bogofilter is available from SourceForge:

<https://sourceforge.net/project/showfiles.php?group_id=62265>

A. Copyright, License and Warranty
==================================

(C) Copyright 2010 by Matthias Andree, <matthias.andree@gmx.de>.
Some rights reserved.

This work is licenced under the Creative Commons
Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy
of this licence, visit http://creativecommons.org/licenses/by-nc-nd/3.0/
or send a letter to Creative Commons, 171 Second Street, Suite 300, San
Francisco, California 94105, USA.

THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.

END of bogofilter-SA-2010-01
Comment 1 Matthias Weckbecker 2010-07-05 15:35:09 UTC
On Sat, Jul 03, 2010 at 10:57:20AM +0200, Matthias Andree wrote:
> Affected:     bogofilter <= 1.2.1
>               SVN before 2010-07-03 08:40 UTC
> 
> Not affected: bogofilter 1.2.2            (to be released)

FYI, r6904 and r6906 seem to be related commits for the issue.

http://bogofilter.svn.sf.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=log

Regards,
Eren
Comment 5 Matthias Weckbecker 2010-07-07 07:53:51 UTC
CVE-2010-2494
Comment 6 Matthias Weckbecker 2010-07-07 07:57:03 UTC
Lars, thanks for your fast response. Please let us know when you have submitted fixed packages. I will create the patchinfos then.
Comment 7 Lars Müller 2010-07-07 08:38:29 UTC
Requests created:  42675 42676 42677

SLE 11 and 11 SP 1 are missing.  Am I correct?
Comment 8 Lars Müller 2010-07-07 09:12:57 UTC
SLE 11 GA created request id 7043
Comment 9 Lars Müller 2010-07-07 10:22:42 UTC
Request 42680 is for openSUSE Factory.
Comment 10 Matthias Weckbecker 2010-07-07 11:14:29 UTC
patchinfos submitted
Comment 11 Swamp Workflow Management 2010-07-26 16:46:28 UTC
Update released for: bogofilter, bogofilter-debuginfo, bogofilter-debugsource
Products:
openSUSE 11.0 (debug, i386, ppc, x86_64)
openSUSE 11.1 (debug, i586, ppc, x86_64)
openSUSE 11.2 (debug, i586, x86_64)
Comment 12 Swamp Workflow Management 2010-07-26 23:08:29 UTC
Update released for: bogofilter, bogofilter-debuginfo, bogofilter-debugsource
Products:
SLE-DEBUGINFO 11 (i386, x86_64)
SLE-DESKTOP 11 (i386, x86_64)
Comment 13 Swamp Workflow Management 2010-07-26 23:08:53 UTC
Update released for: bogofilter, bogofilter-debuginfo, bogofilter-debugsource
Products:
SLE-DESKTOP 11-SP1 (i386, x86_64)
Comment 14 Thomas Biege 2010-07-27 08:31:44 UTC
released
Comment 15 Lars Müller 2010-08-02 06:25:48 UTC
Please make this report public readable.  There is a reference from http://support.novell.com/security/cve/CVE-2010-2494.html
Comment 16 Thomas Biege 2010-08-02 09:53:05 UTC
made it public