SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
Upstream released patch http://savannah.nongnu.org/bugs/index.php?29136
Created attachment 224125: spamass-milter-0.3.1-r3.ebuild diff
Created attachment 224127: patch from http://savannah.nongnu.org/bugs/index.php?29136
net-mail: Please prepare an updated ebuild.
CVE-2010-1132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1132): The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
+*spamass-milter-0.3.1-r4 (08 Jun 2011) + + 08 Jun 2011; Eray Aslan <eras@gentoo.org> +spamass-milter-0.3.1-r4.ebuild, + +files/spamass-milter-auth_users.patch, +files/spamass-milter-header.patch, + +files/spamass-milter-popen.patch: + Security bump - bug #310049. Don't spam check authenticated users - bug + #265621. Fix received headers - bug #264304 +
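Review bot: the ChangeLog entry records the security fix only as "Security bump - bug #310049" and does not say which of the three added files carries it; name files/spamass-milter-popen.patch and CVE-2010-1132 there so the entry can be audited without opening the bug. The same revision also adds the auth_users and header patches for bugs #265621 and #264304, so consider whether those behaviour changes belong in a revision that arches are asked to stabilize for a security bump.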
Great, thanks, Eray.
Arches, please test and mark stable:
=mail-filter/spamass-milter-0.3.1-r4
Target keywords : "sparc x86"
x86 stable
sparc keyword dropped
Thanks, everyone. GLSA request filed.
Please update the popen patch to fix the waitpid issue. Current patch with -x quickly causes many thousands of zombies. Ref: comment #10 at http://savannah.nongnu.org/bugs/index.php?29136
For those who wish to edit the patch in place rather than remake a new one or wait for an updated ebuild, append "pid" to the following line numbers as shown:
#35 char *popen_argv[3]; pid_t pid;
#64 p = popenv(popen_argv, "w", &pid);
#74 fclose(p); p = NULL; waitpid(pid, NULL, 0);
#102 char *popen_argv[4]; pid_t pid;
#122 p = popenv(popen_argv, "r", &pid);
#135 fclose(p); p = NULL; waitpid(pid, NULL, 0);
#157 FILE *popenv(char *const argv[], const char *type, pid_t *pid)
#169 switch (*pid = fork())
#231 FILE *popenv(char *const argv[], const char *type, pid_t *pid);
Rebuild your digest:
ebuild spamass-milter-0.3.1-r4.ebuild digest
Emerge the package again.
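As an added illustration (not code from the spamass-milter patch or from this bug), a minimal C sketch of the pattern those line edits describe: a popenv() that execs an argument vector with no shell in between and hands back the child's pid so the caller can waitpid() after fclose(). Only the popenv() signature and the fclose/waitpid sequence come from the comment above; the "r"-only body, the helper passes_literally() and the printf child are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* popen() replacement: runs argv[0] directly with execvp(), so no shell
 * ever parses the arguments. Only type "r" is handled in this sketch. */
FILE *popenv(char *const argv[], const char *type, pid_t *pid)
{
    int fds[2];
    if (type[0] != 'r' || pipe(fds) == -1)
        return NULL;
    switch (*pid = fork()) {
    case -1:
        close(fds[0]);
        close(fds[1]);
        return NULL;
    case 0:                       /* child: stdout -> pipe, then exec */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);               /* exec failed */
    }
    close(fds[1]);                /* parent keeps the read end */
    return fdopen(fds[0], "r");
}

/* Hypothetical helper: returns 1 if the child received rcpt byte for byte
 * as a single argument and was reaped with exit status 0, else 0. */
int passes_literally(const char *rcpt)
{
    char *argv[] = { "printf", "%s", (char *)rcpt, NULL };
    char buf[256] = "";
    pid_t pid;
    int status = -1;
    FILE *p = popenv(argv, "r", &pid);
    if (p == NULL)
        return 0;
    size_t n = fread(buf, 1, sizeof(buf) - 1, p);
    buf[n] = '\0';
    fclose(p);
    p = NULL;
    waitpid(pid, &status, 0);     /* reap the child so no zombie is left */
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 &&
           strcmp(buf, rcpt) == 0;
}
```

Without the waitpid() call every invocation leaves one unreaped child, which is the zombie build-up reported for the -x option.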
(In reply to comment #10)
> please update the popen patch to fix the waitpid issue.
Fixed in spamass-milter-0.3.1-r5. Please open a separate bug next time.
Any changes here?
Fixed 4 years ago. Really long time.