SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
Upstream released patch http://savannah.nongnu.org/bugs/index.php?29136
Created attachment 224125
Created attachment 224127
patch from http://savannah.nongnu.org/bugs/index.php?29136
net-mail: Please prepare an updated ebuild.
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin
Milter Plugin 0.3.1, when using the expand option, allows remote
attackers to execute arbitrary system commands via shell
metacharacters in the RCPT TO field of an email message.
+*spamass-milter-0.3.1-r4 (08 Jun 2011)
+ 08 Jun 2011; Eray Aslan <firstname.lastname@example.org> +spamass-milter-0.3.1-r4.ebuild,
+ +files/spamass-milter-auth_users.patch, +files/spamass-milter-header.patch,
+ Security bump - bug #310049. Don't spam check authenticated users - bug
+ #265621. Fix received headers - bug #264304
Great, thanks, Eray.
Arches, please test and mark stable:
Target keywords : "sparc x86"
sparc keyword dropped
Thanks, everyone. GLSA request filed.
please update the popen patch to fix the waitpid issue. current patch with -x quickly causes many thousands of zombies.
ref: comment #10 at http://savannah.nongnu.org/bugs/index.php?29136
for those who wish to edit the patch in place rather than remake a new one or wait for an updated ebuild, append "pid" to the following line numbers as shown:
#35 char *popen_argv; pid_t pid;
#64 p = popenv(popen_argv, "w", &pid);
#74 fclose(p); p = NULL; waitpid(pid, NULL, 0);
#102 char *popen_argv; pid_t pid;
#122 p = popenv(popen_argv, "r", &pid);
#135 fclose(p); p = NULL; waitpid(pid, NULL, 0);
#157 FILE *popenv(char *const argv, const char *type, pid_t *pid)
#169 switch (*pid = fork())
#231 FILE *popenv(char *const argv, const char *type, pid_t *pid);
rebuild your digest,
ebuild spamass-milter-0.3.1-r4.ebuild digest
emerge the package again
(In reply to comment #10)
> please update the popen patch to fix the waitpid issue.
Fixed in spamass-milter-0.3.1-r5. Please open a separate bug next time.
Any changes here?
Fixed 4 years ago. Really long time.