Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 721566 (CVE-2005-1513, CVE-2005-1514, CVE-2005-1515) - <mail-mta/netqmail-1.06-r13: multiple vulnerabilities (CVE-2005-{1513,1514,1515})
Summary: <mail-mta/netqmail-1.06-r13: multiple vulnerabilities (CVE-2005-{1513,1514,15...
Status: RESOLVED FIXED
Alias: CVE-2005-1513, CVE-2005-1514, CVE-2005-1515
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://seclists.org/oss-sec/2020/q2/131
Whiteboard: B1 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-07 23:21 UTC by Thomas Deutschmann (RETIRED)
Modified: 2020-07-26 23:28 UTC (History)
2 users (show)

See Also:
Package list:
mail-mta/netqmail-1.06-r13 arm ppc ppc64 x86
Runtime testing required: ---
nattka: sanity-check+

Attachments
patch 1 (0001-fix-signedness-wraparound-in-substdio_put-CVE-2005-1.patch,1.78 KB, patch)
2020-05-18 16:31 UTC, Rolf Eike Beer 		no flags Details | Diff
patch 2 (0002-fix-possible-signed-integer-overflow-in-commands-CVE.patch,972 bytes, patch)
2020-05-18 16:31 UTC, Rolf Eike Beer 		no flags Details | Diff
patch 3 (0003-mimimum-fix-for-CVE-2005-1513.patch,2.31 KB, patch)
2020-05-18 16:31 UTC, Rolf Eike Beer 		no flags Details | Diff
patch 4 (0004-fix-additional-length-overflows.patch,5.45 KB, patch)
2020-05-18 16:32 UTC, Rolf Eike Beer 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2020-05-07 23:21:35 UTC 
Incoming details.
Comment 1 Rolf Eike Beer archtester 2020-05-18 16:31:02 UTC 
Created attachment 640170 [details, diff]
patch 1
Comment 2 Rolf Eike Beer archtester 2020-05-18 16:31:28 UTC 
Created attachment 640172 [details, diff]
patch 2
Comment 3 Rolf Eike Beer archtester 2020-05-18 16:31:51 UTC 
Created attachment 640174 [details, diff]
patch 3
Comment 4 Rolf Eike Beer archtester 2020-05-18 16:32:11 UTC 
Created attachment 640176 [details, diff]
patch 4
Comment 5 Rolf Eike Beer archtester 2020-05-18 16:33:44 UTC 
Ok, these 4 patches would be what I put into the next ebuild. Additionally I would switch the pop3 useflag to -pop3 so only those that actually need that beast will get it.

Longterm idea is to switch that all to notqmail instead, where we will have even better patches shortly.
Comment 6 Rolf Eike Beer archtester 2020-05-18 21:34:44 UTC 
The 2020 CVEs only affect the qmail-verify patch, which is not used by Gentoos ebuild.
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2020-05-19 17:38:23 UTC 
Now public.
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-19 17:43:52 UTC 
* CVE-2005-1513, CVE-2005-1514, CVE-2005-1515

These are the "classic" qmail RCE vulnerabilities.
Comment 9 Rolf Eike Beer archtester 2020-05-19 18:35:32 UTC 
Please note that these are only _local_ exploits if you have not removed the softlimit line from the configuration.
Comment 10 Larry the Git Cow gentoo-dev 2020-05-19 18:44:13 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3cd7e2b9721dbbf24cd4a5f9135236418a9c0cfa

commit 3cd7e2b9721dbbf24cd4a5f9135236418a9c0cfa
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2020-05-19 14:16:07 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-19 18:36:35 +0000

    mail-mta/netqmail-1.06-r13: revbump for CVE-2005-1513, CVE-2005-1514, CVE-2005-1515
    
    Bug: https://bugs.gentoo.org/721566
    Signed-off-by: Rolf Eike Beer <kde@opensource.sf-tec.de>
    Closes: https://github.com/gentoo/gentoo/pull/15881
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../files/netqmail-1.06-CVE-2005-1513.patch        |  66 ++++++
 .../files/netqmail-1.06-CVE-2005-1514.patch        |  39 ++++
 .../files/netqmail-1.06-CVE-2005-1515.patch        |  64 ++++++
 .../netqmail/files/netqmail-1.06-overflows.patch   | 223 +++++++++++++++++++++
 mail-mta/netqmail/netqmail-1.06-r13.ebuild         | 203 +++++++++++++++++++
 5 files changed, 595 insertions(+)
Comment 11 Rolf Eike Beer archtester 2020-05-19 19:15:32 UTC 
Arches, please stabilize.
Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev 2020-05-22 08:21:22 UTC 
ppc64 stable
Comment 13 Sergei Trofimovich (RETIRED) gentoo-dev 2020-05-25 09:45:05 UTC 
ppc stable
Comment 14 Agostino Sarubbo gentoo-dev 2020-06-03 18:42:51 UTC 
arm stable
Comment 15 Agostino Sarubbo gentoo-dev 2020-06-04 06:36:55 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 16 Larry the Git Cow gentoo-dev 2020-06-04 14:10:50 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9748e68401dcb7e3059f3dc2640b770707b2d43a

commit 9748e68401dcb7e3059f3dc2640b770707b2d43a
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2020-06-04 06:55:22 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-06-04 14:10:38 +0000

    mail-mta/netqmail: drop vulnerable
    
    Bug: https://bugs.gentoo.org/721566
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 mail-mta/netqmail/netqmail-1.06-r12.ebuild | 199 -----------------------------
 1 file changed, 199 deletions(-)
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2020-07-26 23:28:57 UTC 
This issue was resolved and addressed in
 GLSA 202007-01 at https://security.gentoo.org/glsa/202007-01
by GLSA coordinator Sam James (sam_c).