707816 – (CVE-2020-1930, CVE-2020-1931) <mail-filter/spamassassin-3.4.4: rule configuration (.cf) files can be configured to run system commands (CVE-2020-1930, CVE-2020-1931)

Bug 707816 (CVE-2020-1930, CVE-2020-1931) - <mail-filter/spamassassin-3.4.4: rule configuration (.cf) files can be configured to run system commands (CVE-2020-1930, CVE-2020-1931)

Summary: <mail-filter/spamassassin-3.4.4: rule configuration (.cf) files can be config...

Status:	RESOLVED FIXED

Alias:	CVE-2020-1930, CVE-2020-1931

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://cve.mitre.org/cgi-bin/cvename...
Whiteboard:	B3 [noglsa cve]
Keywords:	PullRequest

Depends on:
Blocks:	CVE-2018-11805, CVE-2019-12420
	Show dependency tree

Reported:	2020-02-01 21:53 UTC by filip ambroz
Modified:	2020-04-26 02:13 UTC (History)
CC List:	5 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/14527 https://github.com/gentoo/gentoo/pull/15129
Package list:	mail-filter/spamassassin-3.4.4 dev-perl/BSD-Resource-1.291.100 arm64 dev-perl/Mozilla-CA-20999999 s390 net-dns/libidn-1.35 s390
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description filip ambroz 2020-02-01 21:53:42 UTC

Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult.

Comment 1 Larry the Git Cow gentoo-dev

2020-02-03 06:38:08 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1b377ebfb6351d9c451fb8642c4fcb85c86e3de

commit d1b377ebfb6351d9c451fb8642c4fcb85c86e3de
Author:     Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
AuthorDate: 2020-02-02 00:08:13 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-02-03 06:37:52 +0000

    mail-filter/spamassassin: Bump to v3.4.4
    
    Bug: https://bugs.gentoo.org/707816
    Closes: https://github.com/gentoo/gentoo/pull/14527
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-filter/spamassassin/Manifest                  |   1 +
 mail-filter/spamassassin/spamassassin-3.4.4.ebuild | 284 +++++++++++++++++++++
 2 files changed, 285 insertions(+)

Comment 2 Mikle Kolyada (RETIRED) archtester

2020-02-23 12:18:03 UTC

amd64 stable

Comment 3 Agostino Sarubbo gentoo-dev

2020-02-24 09:56:54 UTC

s390 stable

Comment 4 Agostino Sarubbo gentoo-dev

2020-02-24 10:07:31 UTC

arm stable

Comment 5 Agostino Sarubbo gentoo-dev

2020-02-24 10:52:06 UTC

sparc stable

Comment 6 Agostino Sarubbo gentoo-dev

2020-02-24 12:54:40 UTC

ppc stable

Comment 7 Agostino Sarubbo gentoo-dev

2020-02-24 13:24:17 UTC

ppc64 stable

Comment 8 Agostino Sarubbo gentoo-dev

2020-02-24 14:19:39 UTC

x86 stable

Comment 9 Agostino Sarubbo gentoo-dev

2020-02-24 14:20:45 UTC

ia64 stable

Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev

2020-03-02 20:16:51 UTC

hppa stable

Comment 11 Mart Raudsepp gentoo-dev

2020-03-14 21:09:36 UTC

arm64 stable

Comment 12 Sam James archtester

2020-03-26 18:20:15 UTC

@maintainer(s), please cleanup by dropping vulnerable version mail-filter/spamassassin-3.4.3.

Comment 13 Larry the Git Cow gentoo-dev

2020-03-27 12:01:02 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5aa185a1decc48347bfa3943ebc6942ed8af3ea9

commit 5aa185a1decc48347bfa3943ebc6942ed8af3ea9
Author:     Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
AuthorDate: 2020-03-26 19:46:39 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-27 12:00:56 +0000

    mail-filter/spamassassin: Cleanup 3.4.3 ebuild
    
    dropping vulnerable version
    
    Bug: https://bugs.gentoo.org/707816
    Closes: https://github.com/gentoo/gentoo/pull/15129
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 mail-filter/spamassassin/Manifest                  |   1 -
 mail-filter/spamassassin/spamassassin-3.4.3.ebuild | 284 ---------------------
 2 files changed, 285 deletions(-)

Comment 14 NATTkA bot gentoo-dev

2020-04-06 14:53:19 UTC

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.