Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 707816 (CVE-2020-1930, CVE-2020-1931) - <mail-filter/spamassassin-3.4.4: rule configuration (.cf) files can be configured to run system commands (CVE-2020-1930, CVE-2020-1931)
Summary: <mail-filter/spamassassin-3.4.4: rule configuration (.cf) files can be config...
Status: RESOLVED FIXED
Alias: CVE-2020-1930, CVE-2020-1931
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: Normal minor with 1 vote (vote)
Assignee: Gentoo Security
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: B3 [noglsa cve]
Keywords: PullRequest
Depends on:
Blocks: CVE-2018-11805, CVE-2019-12420
  Show dependency tree
 
Reported: 2020-02-01 21:53 UTC by filip ambroz
Modified: 2020-04-26 02:13 UTC (History)
5 users (show)

See Also:
Package list:
mail-filter/spamassassin-3.4.4 dev-perl/BSD-Resource-1.291.100 arm64 dev-perl/Mozilla-CA-20999999 s390 net-dns/libidn-1.35 s390
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description filip ambroz 2020-02-01 21:53:42 UTC
Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult.
Comment 1 Larry the Git Cow gentoo-dev 2020-02-03 06:38:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1b377ebfb6351d9c451fb8642c4fcb85c86e3de

commit d1b377ebfb6351d9c451fb8642c4fcb85c86e3de
Author:     Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
AuthorDate: 2020-02-02 00:08:13 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-02-03 06:37:52 +0000

    mail-filter/spamassassin: Bump to v3.4.4
    
    Bug: https://bugs.gentoo.org/707816
    Closes: https://github.com/gentoo/gentoo/pull/14527
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 mail-filter/spamassassin/Manifest                  |   1 +
 mail-filter/spamassassin/spamassassin-3.4.4.ebuild | 284 +++++++++++++++++++++
 2 files changed, 285 insertions(+)
Comment 2 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2020-02-23 12:18:03 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-02-24 09:56:54 UTC
s390 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-02-24 10:07:31 UTC
arm stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-02-24 10:52:06 UTC
sparc stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-02-24 12:54:40 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-02-24 13:24:17 UTC
ppc64 stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-02-24 14:19:39 UTC
x86 stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-02-24 14:20:45 UTC
ia64 stable
Comment 10 Sergei Trofimovich gentoo-dev 2020-03-02 20:16:51 UTC
hppa stable
Comment 11 Mart Raudsepp gentoo-dev 2020-03-14 21:09:36 UTC
arm64 stable
Comment 12 Sam James archtester gentoo-dev Security 2020-03-26 18:20:15 UTC
@maintainer(s), please cleanup by dropping vulnerable version mail-filter/spamassassin-3.4.3.
Comment 13 Larry the Git Cow gentoo-dev 2020-03-27 12:01:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5aa185a1decc48347bfa3943ebc6942ed8af3ea9

commit 5aa185a1decc48347bfa3943ebc6942ed8af3ea9
Author:     Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
AuthorDate: 2020-03-26 19:46:39 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-03-27 12:00:56 +0000

    mail-filter/spamassassin: Cleanup 3.4.3 ebuild
    
    dropping vulnerable version
    
    Bug: https://bugs.gentoo.org/707816
    Closes: https://github.com/gentoo/gentoo/pull/15129
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 mail-filter/spamassassin/Manifest                  |   1 -
 mail-filter/spamassassin/spamassassin-3.4.3.ebuild | 284 ---------------------
 2 files changed, 285 deletions(-)
Comment 14 NATTkA bot gentoo-dev 2020-04-06 14:53:19 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.