Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 721566 (CVE-2005-1513, CVE-2005-1514, CVE-2005-1515) - <mail-mta/netqmail-1.06-r13: multiple vulnerabilities (CVE-2005-{1513,1514,1515})
Summary: <mail-mta/netqmail-1.06-r13: multiple vulnerabilities (CVE-2005-{1513,1514,15...
Status: RESOLVED FIXED
Alias: CVE-2005-1513, CVE-2005-1514, CVE-2005-1515
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://seclists.org/oss-sec/2020/q2/131
Whiteboard: B1 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-07 23:21 UTC by Thomas Deutschmann (RETIRED)
Modified: 2020-07-26 23:28 UTC (History)
2 users (show)

See Also:
Package list:
mail-mta/netqmail-1.06-r13 arm ppc ppc64 x86
Runtime testing required: ---
nattka: sanity-check+


Attachments
patch 1 (0001-fix-signedness-wraparound-in-substdio_put-CVE-2005-1.patch,1.78 KB, patch)
2020-05-18 16:31 UTC, Rolf Eike Beer
no flags Details | Diff
patch 2 (0002-fix-possible-signed-integer-overflow-in-commands-CVE.patch,972 bytes, patch)
2020-05-18 16:31 UTC, Rolf Eike Beer
no flags Details | Diff
patch 3 (0003-mimimum-fix-for-CVE-2005-1513.patch,2.31 KB, patch)
2020-05-18 16:31 UTC, Rolf Eike Beer
no flags Details | Diff
patch 4 (0004-fix-additional-length-overflows.patch,5.45 KB, patch)
2020-05-18 16:32 UTC, Rolf Eike Beer
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2020-05-07 23:21:35 UTC
Incoming details.
Comment 1 Rolf Eike Beer archtester 2020-05-18 16:31:02 UTC
Created attachment 640170 [details, diff]
patch 1
Comment 2 Rolf Eike Beer archtester 2020-05-18 16:31:28 UTC
Created attachment 640172 [details, diff]
patch 2
Comment 3 Rolf Eike Beer archtester 2020-05-18 16:31:51 UTC
Created attachment 640174 [details, diff]
patch 3
Comment 4 Rolf Eike Beer archtester 2020-05-18 16:32:11 UTC
Created attachment 640176 [details, diff]
patch 4
Comment 5 Rolf Eike Beer archtester 2020-05-18 16:33:44 UTC
Ok, these 4 patches would be what I put into the next ebuild. Additionally I would switch the pop3 useflag to -pop3 so only those that actually need that beast will get it.

Longterm idea is to switch that all to notqmail instead, where we will have even better patches shortly.
Comment 6 Rolf Eike Beer archtester 2020-05-18 21:34:44 UTC
The 2020 CVEs only affect the qmail-verify patch, which is not used by Gentoos ebuild.
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2020-05-19 17:38:23 UTC
Now public.
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-19 17:43:52 UTC
* CVE-2005-1513, CVE-2005-1514, CVE-2005-1515

These are the "classic" qmail RCE vulnerabilities.
Comment 9 Rolf Eike Beer archtester 2020-05-19 18:35:32 UTC
Please note that these are only _local_ exploits if you have not removed the softlimit line from the configuration.
Comment 10 Larry the Git Cow gentoo-dev 2020-05-19 18:44:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3cd7e2b9721dbbf24cd4a5f9135236418a9c0cfa

commit 3cd7e2b9721dbbf24cd4a5f9135236418a9c0cfa
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2020-05-19 14:16:07 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-19 18:36:35 +0000

    mail-mta/netqmail-1.06-r13: revbump for CVE-2005-1513, CVE-2005-1514, CVE-2005-1515
    
    Bug: https://bugs.gentoo.org/721566
    Signed-off-by: Rolf Eike Beer <kde@opensource.sf-tec.de>
    Closes: https://github.com/gentoo/gentoo/pull/15881
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 .../files/netqmail-1.06-CVE-2005-1513.patch        |  66 ++++++
 .../files/netqmail-1.06-CVE-2005-1514.patch        |  39 ++++
 .../files/netqmail-1.06-CVE-2005-1515.patch        |  64 ++++++
 .../netqmail/files/netqmail-1.06-overflows.patch   | 223 +++++++++++++++++++++
 mail-mta/netqmail/netqmail-1.06-r13.ebuild         | 203 +++++++++++++++++++
 5 files changed, 595 insertions(+)
Comment 11 Rolf Eike Beer archtester 2020-05-19 19:15:32 UTC
Arches, please stabilize.
Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev 2020-05-22 08:21:22 UTC
ppc64 stable
Comment 13 Sergei Trofimovich (RETIRED) gentoo-dev 2020-05-25 09:45:05 UTC
ppc stable
Comment 14 Agostino Sarubbo gentoo-dev 2020-06-03 18:42:51 UTC
arm stable
Comment 15 Agostino Sarubbo gentoo-dev 2020-06-04 06:36:55 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 16 Larry the Git Cow gentoo-dev 2020-06-04 14:10:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9748e68401dcb7e3059f3dc2640b770707b2d43a

commit 9748e68401dcb7e3059f3dc2640b770707b2d43a
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2020-06-04 06:55:22 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-06-04 14:10:38 +0000

    mail-mta/netqmail: drop vulnerable
    
    Bug: https://bugs.gentoo.org/721566
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 mail-mta/netqmail/netqmail-1.06-r12.ebuild | 199 -----------------------------
 1 file changed, 199 deletions(-)
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2020-07-26 23:28:57 UTC
This issue was resolved and addressed in
 GLSA 202007-01 at https://security.gentoo.org/glsa/202007-01
by GLSA coordinator Sam James (sam_c).