Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 707816 (CVE-2020-1930, CVE-2020-1931)

Summary: <mail-filter/spamassassin-3.4.4: rule configuration (.cf) files can be configured to run system commands (CVE-2020-1930, CVE-2020-1931)
Product: Gentoo Security Reporter: filip ambroz <filip.ambroz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: bug, gentoo_bugs_2_peep, hpdeifel, jstein, proxy-maint
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: All   
URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1930
See Also: https://github.com/gentoo/gentoo/pull/14527
https://github.com/gentoo/gentoo/pull/15129
Whiteboard: B3 [noglsa cve]
Package list:
mail-filter/spamassassin-3.4.4 dev-perl/BSD-Resource-1.291.100 arm64 dev-perl/Mozilla-CA-20999999 s390 net-dns/libidn-1.35 s390
 Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 702594    

Description filip ambroz 2020-02-01 21:53:42 UTC 
Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult.
Comment 1 Larry the Git Cow gentoo-dev 2020-02-03 06:38:08 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1b377ebfb6351d9c451fb8642c4fcb85c86e3de

commit d1b377ebfb6351d9c451fb8642c4fcb85c86e3de
Author:     Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
AuthorDate: 2020-02-02 00:08:13 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-02-03 06:37:52 +0000

    mail-filter/spamassassin: Bump to v3.4.4
    
    Bug: https://bugs.gentoo.org/707816
    Closes: https://github.com/gentoo/gentoo/pull/14527
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-filter/spamassassin/Manifest                  |   1 +
 mail-filter/spamassassin/spamassassin-3.4.4.ebuild | 284 +++++++++++++++++++++
 2 files changed, 285 insertions(+)
Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-02-23 12:18:03 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-02-24 09:56:54 UTC 
s390 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-02-24 10:07:31 UTC 
arm stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-02-24 10:52:06 UTC 
sparc stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-02-24 12:54:40 UTC 
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-02-24 13:24:17 UTC 
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-02-24 14:19:39 UTC 
x86 stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-02-24 14:20:45 UTC 
ia64 stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2020-03-02 20:16:51 UTC 
hppa stable
Comment 11 Mart Raudsepp gentoo-dev 2020-03-14 21:09:36 UTC 
arm64 stable
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 18:20:15 UTC 
@maintainer(s), please cleanup by dropping vulnerable version mail-filter/spamassassin-3.4.3.
Comment 13 Larry the Git Cow gentoo-dev 2020-03-27 12:01:02 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5aa185a1decc48347bfa3943ebc6942ed8af3ea9

commit 5aa185a1decc48347bfa3943ebc6942ed8af3ea9
Author:     Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
AuthorDate: 2020-03-26 19:46:39 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-27 12:00:56 +0000

    mail-filter/spamassassin: Cleanup 3.4.3 ebuild
    
    dropping vulnerable version
    
    Bug: https://bugs.gentoo.org/707816
    Closes: https://github.com/gentoo/gentoo/pull/15129
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 mail-filter/spamassassin/Manifest                  |   1 -
 mail-filter/spamassassin/spamassassin-3.4.3.ebuild | 284 ---------------------
 2 files changed, 285 deletions(-)
Comment 14 NATTkA bot gentoo-dev Security 2020-04-06 14:53:19 UTC 
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.