Bug 310049 (CVE-2010-1132) - <mail-filter/spamass-milter-0.3.1-r4: Remote Root Attack (CVE-2010-1132)
Summary: <mail-filter/spamass-milter-0.3.1-r4: Remote Root Attack (CVE-2010-1132)
Status: RESOLVED FIXED
Alias: CVE-2010-1132
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://isc.sans.org/diary.html?storyi...
Whiteboard: B1 [noglsa]
Reported: 2010-03-18 11:29 UTC by Andreis Vinogradovs ( slepnoga )
Modified: 2014-04-03 12:02 UTC
Attachments
spamass-milter-0.3.1-r3.ebuild diff (ebuild.diff,520 bytes, patch)
2010-03-18 14:49 UTC, Andrey Korolyov
patch from http://savannah.nongnu.org/bugs/index.php?29136 (popen.diff,5.96 KB, patch)
2010-03-18 14:50 UTC, Andrey Korolyov

Description Andreis Vinogradovs ( slepnoga ) 2010-03-18 11:29:44 UTC
SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
Upstream released a patch: http://savannah.nongnu.org/bugs/index.php?29136
Comment 1 Andrey Korolyov 2010-03-18 14:49:54 UTC
Created attachment 224125
spamass-milter-0.3.1-r3.ebuild diff
Comment 2 Andrey Korolyov 2010-03-18 14:50:54 UTC
Created attachment 224127
patch from http://savannah.nongnu.org/bugs/index.php?29136
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-31 16:02:08 UTC
net-mail: Please prepare an updated ebuild.
Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-31 19:46:56 UTC
CVE-2010-1132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1132):
  The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin
  Milter Plugin 0.3.1, when using the expand option, allows remote
  attackers to execute arbitrary system commands via shell
  metacharacters in the RCPT TO field of an email message.

Comment 5 Eray Aslan gentoo-dev 2011-06-08 12:25:47 UTC
+*spamass-milter-0.3.1-r4 (08 Jun 2011)
+
+  08 Jun 2011; Eray Aslan <eras@gentoo.org> +spamass-milter-0.3.1-r4.ebuild,
+  +files/spamass-milter-auth_users.patch, +files/spamass-milter-header.patch,
+  +files/spamass-milter-popen.patch:
+  Security bump - bug #310049. Don't spam check authenticated users - bug
+  #265621. Fix received headers - bug #264304
+
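Review bot: the -r4 entry ships the security fix (files/spamass-milter-popen.patch, bug #310049) in the same revision as two behaviour changes, files/spamass-milter-auth_users.patch (bug #265621) and files/spamass-milter-header.patch (bug #264304). Consider landing the popen patch in its own revision so the security fix can be tested and stabilised without also stabilising the unrelated changes.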
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2011-06-08 14:47:38 UTC
Great, thanks, Eray.

Arches, please test and mark stable:
=mail-filter/spamass-milter-0.3.1-r4
Target keywords : "sparc x86"
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-06-09 10:25:33 UTC
x86 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2011-06-12 11:48:32 UTC
sparc keyword dropped
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-06-12 18:27:18 UTC
Thanks, everyone. GLSA request filed.
Comment 10 Blu3 2011-07-06 17:36:17 UTC
please update the popen patch to fix the waitpid issue.  current patch with -x quickly causes many thousands of zombies.

ref: comment #10 at http://savannah.nongnu.org/bugs/index.php?29136
Comment 11 Blu3 2011-07-06 18:31:51 UTC
for those who wish to edit the patch in place rather than remake a new one or wait for an updated ebuild, append "pid" to the following line numbers as shown:

#35   char *popen_argv[3]; pid_t pid;
#64   p = popenv(popen_argv, "w", &pid);
#74   fclose(p); p = NULL; waitpid(pid, NULL, 0);
#102  char *popen_argv[4]; pid_t pid;
#122  p = popenv(popen_argv, "r", &pid);
#135  fclose(p); p = NULL; waitpid(pid, NULL, 0);
#157  FILE *popenv(char *const argv[], const char *type, pid_t *pid)
#169  switch (*pid = fork())
#231  FILE *popenv(char *const argv[], const char *type, pid_t *pid);

rebuild your digest,

ebuild spamass-milter-0.3.1-r4.ebuild digest

emerge the package again
Comment 12 Eray Aslan gentoo-dev 2011-07-09 12:08:29 UTC
(In reply to comment #10)
> please update the popen patch to fix the waitpid issue.

Fixed in spamass-milter-0.3.1-r5.  Please open a separate bug next time.
Comment 13 Andreis Vinogradovs ( slepnoga ) 2013-01-06 17:27:49 UTC
Any changes here?
Comment 14 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-04-03 12:02:37 UTC
Fixed 4 years ago. Really long time.