Summary: | <mail-filter/spamass-milter-0.3.1-r4: Remote Root Attack (CVE-2010-1132)
---|---
Product: | Gentoo Security
Reporter: | Andreis Vinogradovs ( slepnoga ) <andreis.vinogradovs>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | major
CC: | net-mail+disabled
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://isc.sans.org/diary.html?storyid=8434
Whiteboard: | B1 [noglsa]
Package list: |
Runtime testing required: | ---

Description
Andreis Vinogradovs ( slepnoga )
2010-03-18 11:29:44 UTC
Created attachment 224125 [details, diff]
spamass-milter-0.3.1-r3.ebuild diff
Created attachment 224127 [details, diff]
patch from http://savannah.nongnu.org/bugs/index.php?29136

net-mail: Please prepare an updated ebuild.

CVE-2010-1132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1132):
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.

+*spamass-milter-0.3.1-r4 (08 Jun 2011) + + 08 Jun 2011; Eray Aslan <eras@gentoo.org> +spamass-milter-0.3.1-r4.ebuild, + +files/spamass-milter-auth_users.patch, +files/spamass-milter-header.patch, + +files/spamass-milter-popen.patch: + Security bump - bug #310049. Don't spam check authenticated users - bug + #265621. Fix received headers - bug #264304 +

Great, thanks, Eray.

Arches, please test and mark stable:
=mail-filter/spamass-milter-0.3.1-r4
Target keywords : "sparc x86"

x86 stable

sparc keyword dropped

Thanks, everyone. GLSA request filed.

please update the popen patch to fix the waitpid issue. current patch with -x quickly causes many thousands of zombies.
ref: comment #10 at http://savannah.nongnu.org/bugs/index.php?29136

for those who wish to edit the patch in place rather than remake a new one or wait for an updated ebuild, append "pid" to the following line numbers as shown:

#35 char *popen_argv[3]; pid_t pid;
#64 p = popenv(popen_argv, "w", &pid);
#74 fclose(p); p = NULL; waitpid(pid, NULL, 0);
#102 char *popen_argv[4]; pid_t pid;
#122 p = popenv(popen_argv, "r", &pid);
#135 fclose(p); p = NULL; waitpid(pid, NULL, 0);
#157 FILE *popenv(char *const argv[], const char *type, pid_t *pid)
#169 switch (*pid = fork())
#231 FILE *popenv(char *const argv[], const char *type, pid_t *pid);

rebuild your digest,
ebuild spamass-milter-0.3.1-r4.ebuild digest

emerge the package again

(In reply to comment #10)
> please update the popen patch to fix the waitpid issue.

Fixed in spamass-milter-0.3.1-r5. Please open a separate bug next time.

Any changes here?

Fixed 4 years ago. Really long time.