Bug 327657 (CVE-2010-2494) - <mail-filter/bogofilter-1.2.2: heap corruption overrun in bogofilter/bogolexer (CVE-2010-2494)
Status: RESOLVED FIXED
Alias: CVE-2010-2494
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://bogofilter.sourceforge.net/sec...
Whiteboard: B3 [noglsa]
Duplicates: 329955
Reported: 2010-07-10 04:42 UTC by Torsten Veller (RETIRED)
Modified: 2010-08-12 07:54 UTC (History)
Description Torsten Veller (RETIRED) gentoo-dev 2010-07-10 04:42:43 UTC
| 2. Problem description
| ======================
| 
| Bogofilter's/bogolexer's base64 could overwrite memory before its heap
| buffer if the base64 input started with an equals sign, such as through
| misdeclaration of quoted-printable as base64.
| 
| 3. Impact
| =========
| 
| Vulnerable bogofilter and bogolexer applications can corrupt their heap and
| crash. The consequences are dependent on the local configuration, memory
| layout and operating system features.


1.2.2 is in the tree.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-07-26 16:13:20 UTC
CVE-2010-2494 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2494):
  Multiple buffer underflows in the base64 decoder in base64.c in (1)
  bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote
  attackers to cause a denial of service (heap memory corruption and
  application crash) via an e-mail message with invalid base64 data
  that begins with an = (equals) character.
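An added illustration of the bug class described above, not bogofilter's base64.c and not code from this bug report: a constructed quartet decoder whose padding arithmetic moves the write pointer backwards when a quartet starts with `=`, next to a checked mode that rejects that input. The names `decode`, `guard_damage` and `GUARD` and the sample input are assumptions made for the example; the guard zone keeps the stray write inside one array so it can be observed safely.

```c
#include <stdio.h>
#include <string.h>
#define GUARD 8  /* constructed guard zone placed in front of the output area */

static int b64val(unsigned char c)
{
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;  /* '=' and junk both count as invalid */
}

/* Decode whole quartets of src to out. Returns the final write offset relative
 * to out (negative: ended before the buffer), or -2 if checked and rejected. */
static long decode(const char *src, unsigned char *out, int checked)
{
    unsigned char *d = out;
    size_t n = strlen(src);
    for (size_t pos = 0; pos + 4 <= n; pos += 4) {
        unsigned long v = 0;
        int shorten = 0;
        for (int i = 0; i < 4; i++) {
            int t = b64val((unsigned char)src[pos + i]);
            if (t < 0) { shorten = 4 - i; break; }  /* padding starts at i */
            v = v << 6 | (unsigned long)t;
        }
        if (checked && shorten > 2) return -2;  /* '=' at 0 or 1: no byte encoded */
        v <<= 6 * shorten;       /* left-align the partial 24-bit group */
        int keep = 3 - shorten;  /* unchecked: -1 when the quartet starts with '=' */
        for (int k = 0; k < keep; k++)
            d[k] = (unsigned char)(v >> (16 - 8 * k));
        d += keep;               /* keep == -1 moves d in front of out */
    }
    return (long)(d - out);
}

/* Decode behind a 0xAA guard zone; returns how many guard bytes were changed. */
static int guard_damage(const char *src, int checked)
{
    unsigned char arena[GUARD + 64];
    memset(arena, 0xAA, sizeof arena);
    decode(src, arena + GUARD, checked);
    int hit = 0;
    for (int i = 0; i < GUARD; i++) hit += arena[i] != 0xAA;
    return hit;
}

int main(void)
{
    printf("guard bytes hit: unchecked=%d checked=%d\n",
           guard_damage("=A==QUJD", 0), guard_damage("=A==QUJD", 1));
}
```

Call `decode` in unchecked mode only through `guard_damage`, since the guard zone is what keeps the backward step inside a single array.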
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-07-26 16:23:45 UTC
*** Bug 329955 has been marked as a duplicate of this bug. ***
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2010-07-26 16:24:50 UTC
Arches, please test and mark stable:
=mail-filter/bogofilter-1.2.2
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Comment 4 Markus Meier gentoo-dev 2010-07-26 20:52:57 UTC
amd64/arm/x86 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2010-07-29 15:45:30 UTC
Stable for HPPA PPC.
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2010-07-31 15:34:49 UTC
alpha/ia64/sh/sparc stable
Comment 7 Joe Jezak (RETIRED) gentoo-dev 2010-08-11 22:34:16 UTC
Marked ppc64 stable.
Comment 8 Torsten Veller (RETIRED) gentoo-dev 2010-08-12 07:26:48 UTC
all arches done
Comment 9 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-08-12 07:54:17 UTC
Closing noglsa as only DoS is confirmed. Please remove vulnerable versions from the tree.