Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 223157
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: toto <toto@darkside.tomsk.ru>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 223157 depends on: Show dependency tree
Bug 223157 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-05-22 03:43 0000 
VERSION 3.1.8 -- 5/21/2008
  Fixed smtp_filter() to reject the DATA command if no valid recipients have
    been specified.  Otherwise, a specific scenario could result in every
    spamdyke installation being used as an open relay.  If the remote server
    connects and gives one or more recipients that are rejected (for relaying
or
    blacklisting), then gives the DATA command, spamdyke will ignore all other
    commands, assuming that message data is being transmitted.  However,
because
    all of the recipients were rejected, qmail will reject the DATA command.
    From that point on, the remote server can give as many recipients as it
    likes and spamdyke will ignore them all -- they will not be filtered at
all.
    After that, the remote server can give the DATA command and send the actual
    message data.  Because spamdyke is controlling relaying, the RELAYCLIENT
    environment variable is set and qmail won't check for relaying either.
    Thanks to Mirko Buffoni for reporting this one.
  Fixed compiling with gcc 3.4.6 (on old Gentoo installations), which requires
    a "-Wp,-Wno-trampolines" flag to suppress a warning about trampoline
    functions.  Thanks to Thorsten Puzich for reporting and helping me fix this
    one.
  Fixed compiling on CentOS 3.8, which installs the krb5.h in
    /usr/kerberos/include instead of /usr/include.  Thanks to Bruce Schreiber
    for reporting this one.
  Changed middleman() to reset the idle timeout timer while waiting for qmail's
    responses.  It's not fair to disconnect a remote server because qmail is
    running slow.  The connection timeout timer is always enforced, however.
  Fixed a bug in middleman() to reset the idle timeout timer every time data is
    read from the remote server.  Previously, the timer was only reset when
data
    was read and the buffer was empty.  This was causing large messages from
    fast remote servers to timeout during delivery.  Thanks to Eric Shubert for
    reporting and helping me fix this one.


thx =]

Reproducible: Always

------- Comment #1 From Tupone Alfredo 2008-05-23 07:47:53 0000 ------- 
Version bumped, now in portage. Thanks.

------- Comment #2 From toto 2008-05-24 13:08:30 0000 ------- 
Hi Tupone,
Can you always put x86 keyword for this packages, I alredy write bug #222829
about it =]
Thx.

------- Comment #3 From Robert Buchholz 2008-06-08 23:15:59 0000 ------- 
Secunia writes:

A vulnerability has been reported in spamdyke, which can be exploited by
malicious people to bypass certain security restrictions.

The vulnerability is caused due to "smtp_filter()" not properly restricting the
DATA command if no valid recipient was specified. This can be exploited to e.g.
abuse a spamdyke installation as open mail relay by sending a certain sequence
of recipient data and DATA commands.

The vulnerability is reported in versions prior to 3.1.8.

Solution:
Update to version 3.1.8.

Provided and/or discovered by:
The vendor credits Mirko Buffoni.

------- Comment #4 From Robert Buchholz 2008-06-08 23:17:04 0000 ------- 
Right now this ebuild is already bumped, but we have a keyword regression.

x86 team, please ~x86:
=mail-filter/spamdyke-3.1.8

------- Comment #5 From Christian Faulhammer 2008-06-09 09:11:38 0000 ------- 
24 May 2008; Tupone Alfredo <tupone@gentoo.org> spamdyke-3.1.8.ebuild:
  Adding again ~x86

------- Comment #6 From Matthias Geerdsen 2008-06-09 12:56:08 0000 ------- 
closing without GLSA, since it is not marked stable for any arch
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug