Update of /cvsroot/bogofilter/bogofilter/doc
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20092
Re-add bogofilter-SA-2005-02, we have two separate CVE ids.
RCS file: /cvsroot/bogofilter/bogofilter/doc/Makefile.am,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -d -r1.58 -r1.59
--- Makefile.am 31 Dec 2005 12:24:54 -0000 1.58
+++ Makefile.am 2 Jan 2006 22:09:38 -0000 1.59
@@ -35,7 +35,7 @@
bogofilter-SA-2002-01 bogofilter-SA-2004-01 \
- bogofilter-SA-2005-01 \
+ bogofilter-SA-2005-01 bogofilter-SA-2005-02 \
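Review bot: On the `+` line, bogofilter-SA-2005-02 is appended to the same continuation line as bogofilter-SA-2005-01, so every later addition or removal of an advisory will again appear as a rewrite of an existing line. Consider listing one advisory per backslash-continued line, which keeps future diffs to a single added or removed line. The new list entry depends on bogofilter-SA-2005-02 being present in doc/; it arrives as a NEW FILE in this same commit, so the list and the tree stay in step.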
--- NEW FILE: bogofilter-SA-2005-02 ---
Topic: heap buffer overrun in bogofilter/bogolexer 0.96.2
Writer: Matthias Andree
CVE ID: CVE-2005-4592
Type: buffer overrun through long input
Impact: heap corruption, application crash
Credits: David Relson, Clint Adams
Affected: bogofilter 0.96.2
CVS between 2005-09-08T02:49Z and 2005-10-23T15:16Z
Not affected: bogofilter 0.96.3 "current" (released 2005-10-26)
bogofilter 0.96.6 (released 2005-11-19)
bogofilter 1.0.0 (released 2005-12-01)
bogofilter 1.0.1 (released 2006-01-01)
Bogofilter is a software package to classify a mail as spam or non-spam.
It uses a data base to store words and must be trained which messages are
spam and non-spam. It uses the probabilities of individual words for
classifying the message.
Note that the bogofilter project is issuing security announcements only
for current "stable" releases, and not necessarily for past "stable"
2. Problem description
Bogofilter's/bogolexer's input handling in version 0.96.2 was not
keeping track of its output buffers properly and could overrun a heap
buffer if the input contained words whose length exceeded 16,384 bytes,
the size of flex's input buffer. A "word" here refers to a contiguous
run of input octets that was not '_' and did not match at least one of
ispunct(), iscntrl() or isspace().
Vulnerable bogofilter and bogolexer applications corrupt their heap and
crash. The consequences are dependent on the local configuration which
is up to the user; in common configurations, messages would be placed
back in the mail queue and ultimately be returned to the sender when the
mail queue lifetime expired, or they might be processed as though
bogofilter had classified them as "ham".
The bogofilter maintainers are not aware of exploits against this
vulnerability in the wild.
Upgrade your bogofilter to version 1.0.1 (or a newer release).
bogofilter is available from SourceForge:
A. Copyright, License and Warranty
(C) Copyright 2005 - 2006 by Matthias Andree, <matthias.andree@...>.
Some rights reserved.
This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs German License. To view a copy of
this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
or send a letter to Creative Commons; 559 Nathan Abbott Way;
Stanford, California 94305; USA.
THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.
END of bogofilter-SA-2005-02
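Review bot: In section 2 of the new advisory, the definition of a "word" says the octets "did not match at least one of ispunct(), iscntrl() or isspace()", which can be read either as "matched none of the three" or as "failed at least one of the three". If the first reading is intended, "matched none of ispunct(), iscntrl() or isspace()" removes the ambiguity. Separately, the upgrade instruction names only 1.0.1 while the header lists 0.96.3, 0.96.6 and 1.0.0 as not affected; a short remark that any of the listed releases carries the fix would help readers who are already on one of them.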