[cvs] SF.net SVN: bogofilter:[7019] trunk/web/security
Fast Bayesian spam filter along lines suggested by Paul Graham
From: <m-...@us...> - 2014-11-12 00:08:35
Revision: 7019 http://sourceforge.net/p/bogofilter/code/7019 Author: m-a Date: 2014-11-12 00:08:24 +0000 (Wed, 12 Nov 2014) Log Message: ----------- Rename security announcements to let nginx's MIME type logic work. Modified Paths: -------------- trunk/web/security/index.html Added Paths: ----------- trunk/web/security/bogofilter-SA-2002-01.txt trunk/web/security/bogofilter-SA-2004-01.txt trunk/web/security/bogofilter-SA-2005-01.txt trunk/web/security/bogofilter-SA-2005-02.txt trunk/web/security/bogofilter-SA-2010-01.txt trunk/web/security/bogofilter-SA-2012-01.txt Removed Paths: ------------- trunk/web/security/bogofilter-SA-2002-01 trunk/web/security/bogofilter-SA-2004-01 trunk/web/security/bogofilter-SA-2005-01 trunk/web/security/bogofilter-SA-2005-02 trunk/web/security/bogofilter-SA-2010-01 trunk/web/security/bogofilter-SA-2012-01 Deleted: trunk/web/security/bogofilter-SA-2002-01 =================================================================== --- trunk/web/security/bogofilter-SA-2002-01 2014-07-22 17:40:08 UTC (rev 7018) +++ trunk/web/security/bogofilter-SA-2002-01 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -1,96 +0,0 @@ -This security announcement is kept for historic reasons. The software -that was found to be vulnerable no longer ships with bogofilter. ------------------------------------------------------------------------ - -bogofilter-SA-2002:01.bogopass - -Topic: vulnerability in bogopass - -Announcement: bogofilter-SA-2002:01 -Writer: Matthias Andree -Version: 1.00 -Announced: 2002-11-29 -Category: contrib -Type: temporary file created insecurely -Impact: anonymous local file destruction or change -Credits: - -Danger: medium (the vulnerable version was replaced after 6 - hours, the vulnerable program is not installed - by default) -Bugtraq ID: 6278 -URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2002-01 - -Affects: bogofilter 0.9.0.4 (beta version) - -Not affected: bogofilter 0.9.0.3 and before - bogofilter 0.9.0.5 and newer - -Default install: unaffected. - -Introduced: 2002-11-27 23:04:28 UTC (CVS) - 2002-11-27 23:11 bogofilter 0.9.0.4 released - -Corrected: 2002-11-28 01:19:04 UTC (CVS) - disabled original version - 2002-11-28 03:32:47 UTC (CVS) - committed corrected version - 2002-11-28 04:26 bogofilter 0.9.0.5 released - -0. Release history - -2002-11-28 1.00 initial announcement -2004-10-28 added Bugtraq ID -2004-10-30 added URL - -1. Background - -Bogofilter is a software package to determine if a mail on its standard -input is spam or not. - -2. Problem description - -A vulnerability was found in the contrib/bogopass Perl program that was -added to bogofilter as of the 0.9.0.4 beta release (date: 2002-11-27 -23:04:28 UTC in CVS) with bogofilter, but is not installed by default. - -The bogopass program creates temporary files with the name -/tmp/bogopass.$$, where $$ is the process ID, with the open FH, ">file" -syntax of Perl, which uses O_TRUNC mode, not O_EXCL. - -3. Impact - -This vulnerability allows for anonymous file destruction or change, and -might be abused to further escalate the privileges of the local -attacker. 
- -If bogopass is run by the root user, this may eventually lead to a -complete system compromise. - -4. Workaround - -Do not install or use the "bogopass" program that shipped with the -vulnerable versions (see above) of bogofilter. - -5. Solution - -Upgrade your bogofilter to version 0.9.0.5 beta, and reinstall the -bogopass program. Make sure you delete all copies of the old version of -bogopass. - -bogofilter 0.9.0.5 is available from sourceforge: - -http://sourceforge.net/project/showfiles.php?group_id=62265&release_id=118794 - -6. Solution details - -revision 1.3 -date: 2002/11/28 03:32:47; author: m-a; state: Exp; lines: +67 -26 - -7. Other hints - -Software that treats user input should not run as root if it can be -avoided. When installing bogofilter for system-wide use, make sure that -it runs as an unprivileged user to limit the impact of possible -vulnerabilities. - -A. References - -bogofilter home page: http://bogofilter.sourceforge.net/ Copied: trunk/web/security/bogofilter-SA-2002-01.txt (from rev 7018, trunk/web/security/bogofilter-SA-2002-01) =================================================================== --- trunk/web/security/bogofilter-SA-2002-01.txt (rev 0) +++ trunk/web/security/bogofilter-SA-2002-01.txt 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -0,0 +1,96 @@ +This security announcement is kept for historic reasons. The software +that was found to be vulnerable no longer ships with bogofilter. +----------------------------------------------------------------------- + +bogofilter-SA-2002:01.bogopass + +Topic: vulnerability in bogopass + +Announcement: bogofilter-SA-2002:01 +Writer: Matthias Andree +Version: 1.00 +Announced: 2002-11-29 +Category: contrib +Type: temporary file created insecurely +Impact: anonymous local file destruction or change +Credits: - +Danger: medium (the vulnerable version was replaced after 6 + hours, the vulnerable program is not installed + by default) +Bugtraq ID: 6278 +URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2002-01 + +Affects: bogofilter 0.9.0.4 (beta version) + +Not affected: bogofilter 0.9.0.3 and before + bogofilter 0.9.0.5 and newer + +Default install: unaffected. + +Introduced: 2002-11-27 23:04:28 UTC (CVS) + 2002-11-27 23:11 bogofilter 0.9.0.4 released + +Corrected: 2002-11-28 01:19:04 UTC (CVS) - disabled original version + 2002-11-28 03:32:47 UTC (CVS) - committed corrected version + 2002-11-28 04:26 bogofilter 0.9.0.5 released + +0. Release history + +2002-11-28 1.00 initial announcement +2004-10-28 added Bugtraq ID +2004-10-30 added URL + +1. Background + +Bogofilter is a software package to determine if a mail on its standard +input is spam or not. + +2. Problem description + +A vulnerability was found in the contrib/bogopass Perl program that was +added to bogofilter as of the 0.9.0.4 beta release (date: 2002-11-27 +23:04:28 UTC in CVS) with bogofilter, but is not installed by default. + +The bogopass program creates temporary files with the name +/tmp/bogopass.$$, where $$ is the process ID, with the open FH, ">file" +syntax of Perl, which uses O_TRUNC mode, not O_EXCL. + +3. Impact + +This vulnerability allows for anonymous file destruction or change, and +might be abused to further escalate the privileges of the local +attacker. 
+ +If bogopass is run by the root user, this may eventually lead to a +complete system compromise. + +4. Workaround + +Do not install or use the "bogopass" program that shipped with the +vulnerable versions (see above) of bogofilter. + +5. Solution + +Upgrade your bogofilter to version 0.9.0.5 beta, and reinstall the +bogopass program. Make sure you delete all copies of the old version of +bogopass. + +bogofilter 0.9.0.5 is available from sourceforge: + +http://sourceforge.net/project/showfiles.php?group_id=62265&release_id=118794 + +6. Solution details + +revision 1.3 +date: 2002/11/28 03:32:47; author: m-a; state: Exp; lines: +67 -26 + +7. Other hints + +Software that treats user input should not run as root if it can be +avoided. When installing bogofilter for system-wide use, make sure that +it runs as an unprivileged user to limit the impact of possible +vulnerabilities. + +A. References + +bogofilter home page: http://bogofilter.sourceforge.net/ Deleted: trunk/web/security/bogofilter-SA-2004-01 =================================================================== --- trunk/web/security/bogofilter-SA-2004-01 2014-07-22 17:40:08 UTC (rev 7018) +++ trunk/web/security/bogofilter-SA-2004-01 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -1,98 +0,0 @@ -bogofilter-SA-2004-01 rfc2047crash - -Topic: vulnerability in bogofilter/bogolexer - -Announcement: bogofilter-SA-2004-01 -Writer: Matthias Andree -Version: 1.01 -CVE id: CAN-2004-1007 -Announced: 2004-10-30 -Category: vulnerability -Type: segmentation fault through malformed input -Impact: denial of service -Credits: Antti-Juhani Kaijanaho, Clint Adams, David Relson -Danger: medium -URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01 - -Affected: bogofilter (stable) 0.92.6, 0.92.4, 0.92.0, 0.17.5 - bogofilter (current) 0.17.4 to 0.92.7 (inclusive) - -Not affected: bogofilter 0.17.3 and older - bogofilter 0.92.8 and newer - -Introduced: 2004-03-20 21:46:39 UTC (CVS) - 2004-03-20 22:20 bogofilter 0.17.4 released as current - 2004-04-02 01:00 bogofilter 0.17.5 released as stable - -Corrected: 2004-10-08 23:50:04 UTC (CVS) - committed corrected version - 2004-10-25 bogofilter 0.92.8 released as stable - 2004-10-26 recognized bug as a vulnerability - -References: Debian Bug #275373 - FreeBSD VuXML ID f4428842-a583-4a4c-89b7-297c3459a1c3 - FreeBSD Problem Report #73144 - CAN-2004-1007 - -0. Release history - -2004-10-28 0.01 initial draft for internal review -2004-10-30 0.02 minor revision, added URL -2004-10-30 1.00 minor revision by David Relson, published. -2004-11-03 1.01 Added CVE candidate number. - -1. Background - -Bogofilter is a software package to classify a mail as spam or -non-spam. It uses a data base to store words and must be trained -which mail are spam and non-spam. It uses the probabilities of -individual words for classifying the message. - -Bogofilter understands enough of MIME to decode headers and only -consider text parts of mail. - -2. Problem description - -Antti-Juhani Kaijanaho provided Debian with a test case that crashed -bogofilter 0.92.7. The problem was examined and tracked down to a change -in bogofilter's quoted-printable decoder that went into 0.17.4. 
- -The pertinent change allowed the quoted-printable decoder to accept LF -in encoded words but replaced it by a NUL character, which the calling -function inside bogofilter could not handle. It attempted to write a NUL -byte either one byte past the end of a buffer provided by the lexical -analyzer or to an address that was the negative of the address of the -first byte of the "encoded text" part of the encoded word that was -supposed to be decoded. - -It was decided to announce this as a vulnerability because bogofilter -cannot process the pertinent message. - -3. Impact - -This vulnerability causes bogofilter to catch a "segmentation violation" -signal, which causes an immediate program abort. - -The exact impact depends on the way bogofilter is integrated into the -system. In common setups, the mail that contains such malformed headers -is deferred by the mail delivery agent and remains in the queue, where -it will eventually bounce back to the sender. - -4. Workaround - -No reasonable workaround is known at this time. - -5. Solution - -Upgrade your bogofilter to version 0.92.8. - -bogofilter 0.92.8 is available from sourceforge: - -http://sourceforge.net/project/showfiles.php?group_id=62265&package_id=59357&release_id=277823 - -Note that a broken-out bugfix patch is not available at this time, -because the reversion of the failure-inducing change is not a complete -fix. Besides, bogofilter is under development and support is limited to -the latest available "current" plus the latest available "stable" -versions. - -END of bogofilter-SA-2004-01 rfc2047crash Copied: trunk/web/security/bogofilter-SA-2004-01.txt (from rev 7018, trunk/web/security/bogofilter-SA-2004-01) =================================================================== --- trunk/web/security/bogofilter-SA-2004-01.txt (rev 0) +++ trunk/web/security/bogofilter-SA-2004-01.txt 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -0,0 +1,98 @@ +bogofilter-SA-2004-01 rfc2047crash + +Topic: vulnerability in bogofilter/bogolexer + +Announcement: bogofilter-SA-2004-01 +Writer: Matthias Andree +Version: 1.01 +CVE id: CAN-2004-1007 +Announced: 2004-10-30 +Category: vulnerability +Type: segmentation fault through malformed input +Impact: denial of service +Credits: Antti-Juhani Kaijanaho, Clint Adams, David Relson +Danger: medium +URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01 + +Affected: bogofilter (stable) 0.92.6, 0.92.4, 0.92.0, 0.17.5 + bogofilter (current) 0.17.4 to 0.92.7 (inclusive) + +Not affected: bogofilter 0.17.3 and older + bogofilter 0.92.8 and newer + +Introduced: 2004-03-20 21:46:39 UTC (CVS) + 2004-03-20 22:20 bogofilter 0.17.4 released as current + 2004-04-02 01:00 bogofilter 0.17.5 released as stable + +Corrected: 2004-10-08 23:50:04 UTC (CVS) - committed corrected version + 2004-10-25 bogofilter 0.92.8 released as stable + 2004-10-26 recognized bug as a vulnerability + +References: Debian Bug #275373 + FreeBSD VuXML ID f4428842-a583-4a4c-89b7-297c3459a1c3 + FreeBSD Problem Report #73144 + CAN-2004-1007 + +0. Release history + +2004-10-28 0.01 initial draft for internal review +2004-10-30 0.02 minor revision, added URL +2004-10-30 1.00 minor revision by David Relson, published. +2004-11-03 1.01 Added CVE candidate number. + +1. Background + +Bogofilter is a software package to classify a mail as spam or +non-spam. It uses a data base to store words and must be trained +which mail are spam and non-spam. It uses the probabilities of +individual words for classifying the message. + +Bogofilter understands enough of MIME to decode headers and only +consider text parts of mail. + +2. Problem description + +Antti-Juhani Kaijanaho provided Debian with a test case that crashed +bogofilter 0.92.7. The problem was examined and tracked down to a change +in bogofilter's quoted-printable decoder that went into 0.17.4. 
+ +The pertinent change allowed the quoted-printable decoder to accept LF +in encoded words but replaced it by a NUL character, which the calling +function inside bogofilter could not handle. It attempted to write a NUL +byte either one byte past the end of a buffer provided by the lexical +analyzer or to an address that was the negative of the address of the +first byte of the "encoded text" part of the encoded word that was +supposed to be decoded. + +It was decided to announce this as a vulnerability because bogofilter +cannot process the pertinent message. + +3. Impact + +This vulnerability causes bogofilter to catch a "segmentation violation" +signal, which causes an immediate program abort. + +The exact impact depends on the way bogofilter is integrated into the +system. In common setups, the mail that contains such malformed headers +is deferred by the mail delivery agent and remains in the queue, where +it will eventually bounce back to the sender. + +4. Workaround + +No reasonable workaround is known at this time. + +5. Solution + +Upgrade your bogofilter to version 0.92.8. + +bogofilter 0.92.8 is available from sourceforge: + +http://sourceforge.net/project/showfiles.php?group_id=62265&package_id=59357&release_id=277823 + +Note that a broken-out bugfix patch is not available at this time, +because the reversion of the failure-inducing change is not a complete +fix. Besides, bogofilter is under development and support is limited to +the latest available "current" plus the latest available "stable" +versions. + +END of bogofilter-SA-2004-01 rfc2047crash Deleted: trunk/web/security/bogofilter-SA-2005-01 =================================================================== --- trunk/web/security/bogofilter-SA-2005-01 2014-07-22 17:40:08 UTC (rev 7018) +++ trunk/web/security/bogofilter-SA-2005-01 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -1,98 +0,0 @@ -bogofilter-SA-2005-01 - -Topic: heap buffer overrun in bogofilter/bogolexer 0.93.5 - 0.96.2 - -Announcement: bogofilter-SA-2005-01 -Writer: Matthias Andree -Version: 1.00 -CVE ID: CVE-2005-4591 -Announced: 2006-01-02 -Category: vulnerability -Type: buffer overrun through malformed input -Impact: heap corruption, application crash -Credits: David Relson, Clint Adams -Danger: medium -URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01 - -Affected: bogofilter 0.96.2 - bogofilter 0.95.2 - bogofilter 0.94.14 - bogofilter 0.94.12 - all "current" versions from 0.93.5 to 0.96.2 inclusively - CVS between 2005-01-09T17:32Z and 2005-10-22T00:51Z - CVS between 2005-12-31T10:22Z and 2005-12-31T12:45Z - -Not affected: bogofilter 0.96.3 "current" (released 2005-10-26) - bogofilter 0.96.6 (released 2005-11-19) - bogofilter 1.0.0 (released 2005-12-01) - bogofilter 1.0.1 (released 2006-01-01) - -1. Background -============= - -Bogofilter is a software package for classifying a message as spam or -non-spam. It uses a data base to store words and must be trained -which messages are spam and non-spam. It uses the probabilities of -individual words for classifying the message. - -Note that the bogofilter project is issuing security announcements only -for current "stable" releases, and not necessarily for past "stable" -releases. - -2. Problem description -====================== - -When using Unicode databases (default in more recent bogofilter -installations), upon encountering invalid input sequences, bogofilter or -bogolexer could overrun a malloc()'d buffer, corrupting the heap, while -converting character sets. Bogofilter would usually be processing -untrusted data received from the network at that time. - -This problem was aggravated by an unrelated bug that made bogofilter -process binary attachments as though they were text, and attempt charset -conversion on them. 
Given the MIME default character set, US-ASCII, all -input octets in the range 0x80...0xff were considered invalid input -sequences and could trigger the heap corruption. - -The faulty code was first released with bogofilter "current" 0.93.5, -initially under the aegis of "./configure --enable-iconv", which was -later renamed "--enable-unicode" and enabled by default. - -3. Impact -========= - -Vulnerable bogofilter and bogolexer applications corrupt their heap and -crash. The consequences are dependent on the local configuration which -is up to the user; in common configurations, messages would be placed -back in the mail queue and ultimately be returned to the sender when the -mail queue lifetime expired, or they might be processed as though -bogofilter had classified them as "ham". - -The bogofilter maintainers are not aware of exploits against this -vulnerability in the wild. - -4. Solution -=========== - -Upgrade your bogofilter to version 1.0.1 (or a newer release). - -bogofilter is available from SourceForge: - -<https://sourceforge.net/project/showfiles.php?group_id=62265> - -A. Copyright, License and Warranty -================================== - -(C) Copyright 2005 - 2006 by Matthias Andree, <mat...@gm...>. -Some rights reserved. - -This work is licensed under the Creative Commons -Attribution-NonCommercial-NoDerivs German License. To view a copy of -this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/ -or send a letter to Creative Commons; 559 Nathan Abbott Way; -Stanford, California 94305; USA. - -THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. -Use the information herein at your own risk. 
- -END of bogofilter-SA-2005-01 Copied: trunk/web/security/bogofilter-SA-2005-01.txt (from rev 7018, trunk/web/security/bogofilter-SA-2005-01) =================================================================== --- trunk/web/security/bogofilter-SA-2005-01.txt (rev 0) +++ trunk/web/security/bogofilter-SA-2005-01.txt 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -0,0 +1,98 @@ +bogofilter-SA-2005-01 + +Topic: heap buffer overrun in bogofilter/bogolexer 0.93.5 - 0.96.2 + +Announcement: bogofilter-SA-2005-01 +Writer: Matthias Andree +Version: 1.00 +CVE ID: CVE-2005-4591 +Announced: 2006-01-02 +Category: vulnerability +Type: buffer overrun through malformed input +Impact: heap corruption, application crash +Credits: David Relson, Clint Adams +Danger: medium +URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01 + +Affected: bogofilter 0.96.2 + bogofilter 0.95.2 + bogofilter 0.94.14 + bogofilter 0.94.12 + all "current" versions from 0.93.5 to 0.96.2 inclusively + CVS between 2005-01-09T17:32Z and 2005-10-22T00:51Z + CVS between 2005-12-31T10:22Z and 2005-12-31T12:45Z + +Not affected: bogofilter 0.96.3 "current" (released 2005-10-26) + bogofilter 0.96.6 (released 2005-11-19) + bogofilter 1.0.0 (released 2005-12-01) + bogofilter 1.0.1 (released 2006-01-01) + +1. Background +============= + +Bogofilter is a software package for classifying a message as spam or +non-spam. It uses a data base to store words and must be trained +which messages are spam and non-spam. It uses the probabilities of +individual words for classifying the message. + +Note that the bogofilter project is issuing security announcements only +for current "stable" releases, and not necessarily for past "stable" +releases. + +2. Problem description +====================== + +When using Unicode databases (default in more recent bogofilter +installations), upon encountering invalid input sequences, bogofilter or +bogolexer could overrun a malloc()'d buffer, corrupting the heap, while +converting character sets. Bogofilter would usually be processing +untrusted data received from the network at that time. + +This problem was aggravated by an unrelated bug that made bogofilter +process binary attachments as though they were text, and attempt charset +conversion on them. 
Given the MIME default character set, US-ASCII, all +input octets in the range 0x80...0xff were considered invalid input +sequences and could trigger the heap corruption. + +The faulty code was first released with bogofilter "current" 0.93.5, +initially under the aegis of "./configure --enable-iconv", which was +later renamed "--enable-unicode" and enabled by default. + +3. Impact +========= + +Vulnerable bogofilter and bogolexer applications corrupt their heap and +crash. The consequences are dependent on the local configuration which +is up to the user; in common configurations, messages would be placed +back in the mail queue and ultimately be returned to the sender when the +mail queue lifetime expired, or they might be processed as though +bogofilter had classified them as "ham". + +The bogofilter maintainers are not aware of exploits against this +vulnerability in the wild. + +4. Solution +=========== + +Upgrade your bogofilter to version 1.0.1 (or a newer release). + +bogofilter is available from SourceForge: + +<https://sourceforge.net/project/showfiles.php?group_id=62265> + +A. Copyright, License and Warranty +================================== + +(C) Copyright 2005 - 2006 by Matthias Andree, <mat...@gm...>. +Some rights reserved. + +This work is licensed under the Creative Commons +Attribution-NonCommercial-NoDerivs German License. To view a copy of +this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/ +or send a letter to Creative Commons; 559 Nathan Abbott Way; +Stanford, California 94305; USA. + +THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. +Use the information herein at your own risk. + +END of bogofilter-SA-2005-01 Deleted: trunk/web/security/bogofilter-SA-2005-02 =================================================================== --- trunk/web/security/bogofilter-SA-2005-02 2014-07-22 17:40:08 UTC (rev 7018) +++ trunk/web/security/bogofilter-SA-2005-02 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -1,84 +0,0 @@ -bogofilter-SA-2005-02 - -Topic: heap buffer overrun in bogofilter/bogolexer 0.96.2 - -Announcement: bogofilter-SA-2005-02 -Writer: Matthias Andree -Version: 1.00 -CVE ID: CVE-2005-4592 -Announced: 2006-01-02 -Category: vulnerability -Type: buffer overrun through long input -Impact: heap corruption, application crash -Credits: David Relson, Clint Adams -Danger: medium -URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-02 - -Affected: bogofilter 0.96.2 - CVS between 2005-09-08T02:49Z and 2005-10-23T15:16Z - -Not affected: bogofilter 0.96.3 "current" (released 2005-10-26) - bogofilter 0.96.6 (released 2005-11-19) - bogofilter 1.0.0 (released 2005-12-01) - bogofilter 1.0.1 (released 2006-01-01) - -1. Background -============= - -Bogofilter is a software package for classifying a message as spam or -non-spam. It uses a data base to store words and must be trained -which messages are spam and non-spam. It uses the probabilities of -individual words for classifying the message. - -Note that the bogofilter project is issuing security announcements only -for current "stable" releases, and not necessarily for past "stable" -releases. - -2. Problem description -====================== - -Bogofilter's/bogolexer's input handling in version 0.96.2 was not -keeping track of its output buffers properly and could overrun a heap -buffer if the input contained words whose length exceeded 16,384 bytes, -the size of flex's input buffer. A "word" here refers to a contiguous -run of input octets that was not '_' and did not match at least one of -ispunct(), iscntrl() or isspace(). - -3. Impact -========= - -Vulnerable bogofilter and bogolexer applications corrupt their heap and -crash. 
The consequences are dependent on the local configuration which -is up to the user; in common configurations, messages would be placed -back in the mail queue and ultimately be returned to the sender when the -mail queue lifetime expired, or they might be processed as though -bogofilter had classified them as "ham". - -The bogofilter maintainers are not aware of exploits against this -vulnerability in the wild. - -4. Solution -=========== - -Upgrade your bogofilter to version 1.0.1 (or a newer release). - -bogofilter is available from SourceForge: - -<https://sourceforge.net/project/showfiles.php?group_id=62265> - -A. Copyright, License and Warranty -================================== - -(C) Copyright 2005 - 2006 by Matthias Andree, <mat...@gm...>. -Some rights reserved. - -This work is licensed under the Creative Commons -Attribution-NonCommercial-NoDerivs German License. To view a copy of -this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/ -or send a letter to Creative Commons; 559 Nathan Abbott Way; -Stanford, California 94305; USA. - -THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. -Use the information herein at your own risk. - -END of bogofilter-SA-2005-02 Copied: trunk/web/security/bogofilter-SA-2005-02.txt (from rev 7018, trunk/web/security/bogofilter-SA-2005-02) =================================================================== --- trunk/web/security/bogofilter-SA-2005-02.txt (rev 0) +++ trunk/web/security/bogofilter-SA-2005-02.txt 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -0,0 +1,84 @@ +bogofilter-SA-2005-02 + +Topic: heap buffer overrun in bogofilter/bogolexer 0.96.2 + +Announcement: bogofilter-SA-2005-02 +Writer: Matthias Andree +Version: 1.00 +CVE ID: CVE-2005-4592 +Announced: 2006-01-02 +Category: vulnerability +Type: buffer overrun through long input +Impact: heap corruption, application crash +Credits: David Relson, Clint Adams +Danger: medium +URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-02 + +Affected: bogofilter 0.96.2 + CVS between 2005-09-08T02:49Z and 2005-10-23T15:16Z + +Not affected: bogofilter 0.96.3 "current" (released 2005-10-26) + bogofilter 0.96.6 (released 2005-11-19) + bogofilter 1.0.0 (released 2005-12-01) + bogofilter 1.0.1 (released 2006-01-01) + +1. Background +============= + +Bogofilter is a software package for classifying a message as spam or +non-spam. It uses a data base to store words and must be trained +which messages are spam and non-spam. It uses the probabilities of +individual words for classifying the message. + +Note that the bogofilter project is issuing security announcements only +for current "stable" releases, and not necessarily for past "stable" +releases. + +2. Problem description +====================== + +Bogofilter's/bogolexer's input handling in version 0.96.2 was not +keeping track of its output buffers properly and could overrun a heap +buffer if the input contained words whose length exceeded 16,384 bytes, +the size of flex's input buffer. A "word" here refers to a contiguous +run of input octets that was not '_' and did not match at least one of +ispunct(), iscntrl() or isspace(). + +3. Impact +========= + +Vulnerable bogofilter and bogolexer applications corrupt their heap and +crash. 
The consequences are dependent on the local configuration which +is up to the user; in common configurations, messages would be placed +back in the mail queue and ultimately be returned to the sender when the +mail queue lifetime expired, or they might be processed as though +bogofilter had classified them as "ham". + +The bogofilter maintainers are not aware of exploits against this +vulnerability in the wild. + +4. Solution +=========== + +Upgrade your bogofilter to version 1.0.1 (or a newer release). + +bogofilter is available from SourceForge: + +<https://sourceforge.net/project/showfiles.php?group_id=62265> + +A. Copyright, License and Warranty +================================== + +(C) Copyright 2005 - 2006 by Matthias Andree, <mat...@gm...>. +Some rights reserved. + +This work is licensed under the Creative Commons +Attribution-NonCommercial-NoDerivs German License. To view a copy of +this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/ +or send a letter to Creative Commons; 559 Nathan Abbott Way; +Stanford, California 94305; USA. + +THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. +Use the information herein at your own risk. + +END of bogofilter-SA-2005-02 Deleted: trunk/web/security/bogofilter-SA-2010-01 =================================================================== --- trunk/web/security/bogofilter-SA-2010-01 2014-07-22 17:40:08 UTC (rev 7018) +++ trunk/web/security/bogofilter-SA-2010-01 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -1,108 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -bogofilter-SA-2010-01 - -Topic: heap corruption overrun in bogofilter/bogolexer - -Announcement: bogofilter-SA-2010-01 -Writer: Matthias Andree -Version: 1.0 -CVE ID: CVE-2010-2494 -Announced: 2010-07-07 -Category: vulnerability -Type: array index underflow/out of bounds write through invalid input -Impact: heap corruption, application crash -Credits: Julius Plenz -Danger: medium -URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01 - -Affected: bogofilter <= 1.2.1 - SVN checkouts before 2010-07-03 08:40 UTC - -Not affected: bogofilter 1.2.2 - -1. Background -============= - -Bogofilter is a software package for classifying a message as spam or -non-spam. It uses a data base to store words and must be trained -which messages are spam and non-spam. It uses the probabilities of -individual words for classifying the message. - -Note that the bogofilter project is issuing security announcements only -for current "stable" releases, and not necessarily for past "stable" -releases. - -2. Problem description -====================== - -Bogofilter's/bogolexer's base64 could overwrite memory before its heap -buffer if the base64 input started with an equals sign, such as through -misdeclaration of quoted-printable as base64. - -3. Impact -========= - -Vulnerable bogofilter and bogolexer applications can corrupt their heap and -crash. The consequences are dependent on the local configuration, memory -layout and operating system features. - -4. Solution -=========== - -Upgrade your bogofilter to version 1.2.2 (or a newer release). -This version may not yet be available when this security announcement is -issued. 
- -bogofilter is available from SourceForge: -<https://sourceforge.net/project/showfiles.php?group_id=62265> - - -Alternatively, this patch to 1.2.1 would fix the issue: -(Note that if you see "- -" at the beginnings of these lines, -you need to run this file through gnupg or pgp to strip the signature -and the "-"-escaping, or manually replace such line beginnings with -"-"). This is an SVN diff of base64.c between revisions 6766 and 6906 -and comprises two change sets: 6904 and 6906. - -- --- ./src/base64.c 2009/01/12 04:27:36 6766 -+++ ./src/base64.c 2010/07/03 08:39:44 6906 -@@ -61,8 +61,10 @@ - d[i] = c; - v = v >> 8; - } -- - d += 3 - shorten; -- - count += 3 - shorten; -+ if(shorten != 4) { -+ d += 3 - shorten; -+ count += 3 - shorten; -+ } - } - /* XXX do we need this NUL byte? */ - if (word->leng) - - -A. Copyright, License and Warranty -================================== - -(C) Copyright 2010 by Matthias Andree, <mat...@gm...>. -Some rights reserved. - -This work is licenced under the Creative Commons -Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy -of this licence, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ -or send a letter to Creative Commons, 171 Second Street, Suite 300, San -Francisco, California 94105, USA. - -THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. -Use the information herein at your own risk. - -END of bogofilter-SA-2010-01 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.12 (GNU/Linux) - -iEYEARECAAYFAkwzlAkACgkQvmGDOQUufZU2RgCg8eOMJ3Ig3FCuB4M5QVhoG84f -dfgAoJY1HmuaARWOTueXPJBhCSidC1LK -=7zZI ------END PGP SIGNATURE----- Copied: trunk/web/security/bogofilter-SA-2010-01.txt (from rev 7018, trunk/web/security/bogofilter-SA-2010-01) =================================================================== --- trunk/web/security/bogofilter-SA-2010-01.txt (rev 0) +++ trunk/web/security/bogofilter-SA-2010-01.txt 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -0,0 +1,108 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +bogofilter-SA-2010-01 + +Topic: heap corruption overrun in bogofilter/bogolexer + +Announcement: bogofilter-SA-2010-01 +Writer: Matthias Andree +Version: 1.0 +CVE ID: CVE-2010-2494 +Announced: 2010-07-07 +Category: vulnerability +Type: array index underflow/out of bounds write through invalid input +Impact: heap corruption, application crash +Credits: Julius Plenz +Danger: medium +URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01 + +Affected: bogofilter <= 1.2.1 + SVN checkouts before 2010-07-03 08:40 UTC + +Not affected: bogofilter 1.2.2 + +1. Background +============= + +Bogofilter is a software package for classifying a message as spam or +non-spam. It uses a data base to store words and must be trained +which messages are spam and non-spam. It uses the probabilities of +individual words for classifying the message. + +Note that the bogofilter project is issuing security announcements only +for current "stable" releases, and not necessarily for past "stable" +releases. + +2. Problem description +====================== + +Bogofilter's/bogolexer's base64 could overwrite memory before its heap +buffer if the base64 input started with an equals sign, such as through +misdeclaration of quoted-printable as base64. + +3. Impact +========= + +Vulnerable bogofilter and bogolexer applications can corrupt their heap and +crash. The consequences are dependent on the local configuration, memory +layout and operating system features. + +4. Solution +=========== + +Upgrade your bogofilter to version 1.2.2 (or a newer release). +This version may not yet be available when this security announcement is +issued. 
+ +bogofilter is available from SourceForge: +<https://sourceforge.net/project/showfiles.php?group_id=62265> + + +Alternatively, this patch to 1.2.1 would fix the issue: +(Note that if you see "- -" at the beginnings of these lines, +you need to run this file through gnupg or pgp to strip the signature +and the "-"-escaping, or manually replace such line beginnings with +"-"). This is an SVN diff of base64.c between revisions 6766 and 6906 +and comprises two change sets: 6904 and 6906. + +- --- ./src/base64.c 2009/01/12 04:27:36 6766 ++++ ./src/base64.c 2010/07/03 08:39:44 6906 +@@ -61,8 +61,10 @@ + d[i] = c; + v = v >> 8; + } +- - d += 3 - shorten; +- - count += 3 - shorten; ++ if(shorten != 4) { ++ d += 3 - shorten; ++ count += 3 - shorten; ++ } + } + /* XXX do we need this NUL byte? */ + if (word->leng) + + +A. Copyright, License and Warranty +================================== + +(C) Copyright 2010 by Matthias Andree, <mat...@gm...>. +Some rights reserved. + +This work is licenced under the Creative Commons +Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy +of this licence, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ +or send a letter to Creative Commons, 171 Second Street, Suite 300, San +Francisco, California 94105, USA. + +THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. +Use the information herein at your own risk. + +END of bogofilter-SA-2010-01 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.12 (GNU/Linux) + +iEYEARECAAYFAkwzlAkACgkQvmGDOQUufZU2RgCg8eOMJ3Ig3FCuB4M5QVhoG84f +dfgAoJY1HmuaARWOTueXPJBhCSidC1LK +=7zZI +-----END PGP SIGNATURE----- Deleted: trunk/web/security/bogofilter-SA-2012-01 =================================================================== --- trunk/web/security/bogofilter-SA-2012-01 2014-07-22 17:40:08 UTC (rev 7018) +++ trunk/web/security/bogofilter-SA-2012-01 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -1,89 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -bogofilter-SA-2012-01 - -Topic: heap corruption overrun in bogofilter/bogolexer - -Announcement: bogofilter-SA-2012-01 -Writer: Matthias Andree -Version: 1.0 -CVE ID: CVE-2012-5468 -Announced: 2012-12-03 -Category: vulnerability -Type: out of bounds write through invalid input -Impact: heap corruption, application crash -Credits: Julius Plenz (FU Berlin, Germany) -Danger: medium -URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01 - -Affected: bogofilter <= 1.2.2 - SVN checkouts before 2012-10-19 UTC (-r6972) - -Not affected: bogofilter 1.2.3 (r6973) and newer - -1. Background -============= - -Bogofilter is a software package for classifying a message as spam or -non-spam. It uses a data base to store words and must be trained -which messages are spam and non-spam. It uses the probabilities of -individual words for classifying the message. - -Note that the bogofilter project is issuing security announcements only -for current "stable" releases, and not necessarily for past "stable" -releases. - -2. Problem description -====================== - -Julius Plenz figured out that bogofilter's/bogolexer's base64 could -overwrite heap memory in the character set conversion in certain -pathological cases of invalid base64 code that decodes to incomplete -multibyte characters. - -3. Impact -========= - -Vulnerable bogofilter/bogolexer applications can corrupt their heap and crash. - -4. Solution -=========== - -Upgrade your bogofilter to version 1.2.3 (or a newer release). - -bogofilter is available from SourceForge: -<https://sourceforge.net/project/showfiles.php?group_id=62265> - - -A. Copyright, License and Warranty -================================== - -(C) Copyright 2012 by Matthias Andree, <mat...@gm...>. -Some rights reserved. - -This work is licensed under the -Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0). 
- -To view a copy of this license, visit -http://creativecommons.org/licenses/by-nd/3.0/de/deed.en -or send a letter to: - -Creative Commons -444 Castro Street -Suite 900 -MOUNTAIN VIEW, CALIFORNIA 94041 -USA - - -THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. -Use the information herein at your own risk. - -END of bogofilter-SA-2012-01 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iEYEARECAAYFAlC9KosACgkQvmGDOQUufZUxXwCfdAbd4IgFVkuWmH7z65Wy1TT1 -SiAAoJRLEwWzYXv81dgdtR4jg7uHDrLQ -=gQie ------END PGP SIGNATURE----- Copied: trunk/web/security/bogofilter-SA-2012-01.txt (from rev 7018, trunk/web/security/bogofilter-SA-2012-01) =================================================================== --- trunk/web/security/bogofilter-SA-2012-01.txt (rev 0) +++ trunk/web/security/bogofilter-SA-2012-01.txt 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -0,0 +1,89 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +bogofilter-SA-2012-01 + +Topic: heap corruption overrun in bogofilter/bogolexer + +Announcement: bogofilter-SA-2012-01 +Writer: Matthias Andree +Version: 1.0 +CVE ID: CVE-2012-5468 +Announced: 2012-12-03 +Category: vulnerability +Type: out of bounds write through invalid input +Impact: heap corruption, application crash +Credits: Julius Plenz (FU Berlin, Germany) +Danger: medium +URL: http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01 + +Affected: bogofilter <= 1.2.2 + SVN checkouts before 2012-10-19 UTC (-r6972) + +Not affected: bogofilter 1.2.3 (r6973) and newer + +1. Background +============= + +Bogofilter is a software package for classifying a message as spam or +non-spam. It uses a data base to store words and must be trained +which messages are spam and non-spam. It uses the probabilities of +individual words for classifying the message. + +Note that the bogofilter project is issuing security announcements only +for current "stable" releases, and not necessarily for past "stable" +releases. + +2. Problem description +====================== + +Julius Plenz figured out that bogofilter's/bogolexer's base64 could +overwrite heap memory in the character set conversion in certain +pathological cases of invalid base64 code that decodes to incomplete +multibyte characters. + +3. Impact +========= + +Vulnerable bogofilter/bogolexer applications can corrupt their heap and crash. + +4. Solution +=========== + +Upgrade your bogofilter to version 1.2.3 (or a newer release). + +bogofilter is available from SourceForge: +<https://sourceforge.net/project/showfiles.php?group_id=62265> + + +A. Copyright, License and Warranty +================================== + +(C) Copyright 2012 by Matthias Andree, <mat...@gm...>. +Some rights reserved. + +This work is licensed under the +Creative Commons Attribution-NoDerivs 3.0 Germany License (CC BY-ND 3.0). 
+ +To view a copy of this license, visit +http://creativecommons.org/licenses/by-nd/3.0/de/deed.en +or send a letter to: + +Creative Commons +444 Castro Street +Suite 900 +MOUNTAIN VIEW, CALIFORNIA 94041 +USA + + +THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. +Use the information herein at your own risk. + +END of bogofilter-SA-2012-01 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iEYEARECAAYFAlC9KosACgkQvmGDOQUufZUxXwCfdAbd4IgFVkuWmH7z65Wy1TT1 +SiAAoJRLEwWzYXv81dgdtR4jg7uHDrLQ +=gQie +-----END PGP SIGNATURE----- Modified: trunk/web/security/index.html =================================================================== --- trunk/web/security/index.html 2014-07-22 17:40:08 UTC (rev 7018) +++ trunk/web/security/index.html 2014-11-12 00:08:24 UTC (rev 7019) 
@@ -25,30 +25,30 @@ <ul> <li><a - href="bogofilter-SA-2012-01">bogofilter-SA-2012-01/CVE-2012-5468:</a> + href="bogofilter-SA-2012-01.txt">bogofilter-SA-2012-01/CVE-2012-5468:</a> bogofilter/bogolexer heap buffer overrun with base64 input that decodes to invalid multi-byte characters (versions up to and including 1.2.2). <li><a - href="bogofilter-SA-2010-01">bogofilter-SA-2010-01/CVE-2010-2494:</a> + href="bogofilter-SA-2010-01.txt">bogofilter-SA-2010-01/CVE-2010-2494:</a> bogofilter/bogolexer heap buffer underrun (1 byte) with invalid base64 input (versions up to and including 1.2.1).</li> <li><a href= - "bogofilter-SA-2005-02">bogofilter-SA-2005-02/CVE-2005-4592:</a> + "bogofilter-SA-2005-02.txt">bogofilter-SA-2005-02/CVE-2005-4592:</a> bogofilter/bogolexer heap buffer overrun with words > 16 kBytes (version 0.96.2).</li> <li><a href= - "bogofilter-SA-2005-01">bogofilter-SA-2005-01/CVE-2005-4591:</a> + "bogofilter-SA-2005-01.txt">bogofilter-SA-2005-01/CVE-2005-4591:</a> bogofilter/bogolexer heap buffer overrun with invalid input sequences (0.93.5 ≤ versions ≤ 0.96.2).</li> <li><a href= - "bogofilter-SA-2004-01">bogofilter-SA-2004-01/CVE-2004-1007: + "bogofilter-SA-2004-01.txt">bogofilter-SA-2004-01/CVE-2004-1007: rfc2047crash:</a> RFC-2047 decoding vulnerability (0.17.4 ≤ versions ≤ 0.92.7).</li> - <li><a href="bogofilter-SA-2002-01">bogofilter-SA-2002-01:</a> + <li><a href="bogofilter-SA-2002-01.txt">bogofilter-SA-2002-01:</a> bogopass: contributed script insecure temporary file handling (version 0.9.0.4).</li> </ul> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
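Review bot: In section 4 of the added bogofilter-SA-2010-01.txt, the embedded base64.c diff is still dash-escaped by the clearsign wrapper (`- --- ./src/base64.c`, `- - d += 3 - shorten;`), so a reader who copies it from the file now served as plain text gets a patch that does not apply until the escaping is stripped by hand, as the advisory's own note says. The signed text has to stay byte-identical, so consider committing the unescaped diff as a separate file next to the advisory and linking it from index.html. That file could also carry a one-line comment on `if(shorten != 4)`: with the old unconditional `d += 3 - shorten;` a value of 4 moves `d` and `count` back by one, which is the 1-byte underrun the index entry describes, and the bare constant does not say so.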
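Review bot: The `URL:` header inside the added bogofilter-SA-2012-01.txt still reads `http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01`, the extensionless path this revision removes, and because the body is clearsigned it cannot be edited to match without invalidating the signature. Add an nginx redirect or rewrite from the old extensionless names to the `.txt` files so the signed URL and any existing external links keep resolving. The same applies to the `URL:` line in bogofilter-SA-2010-01.txt.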
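Review bot: In the index.html hunk, the first list entry (bogofilter-SA-2012-01) has no closing `</li>` before the next `<li><a`, while the other five entries close theirs. Since the entry's `href` is being edited in this revision anyway, add `</li>` after "(versions up to and including 1.2.2)." so the list markup is consistent.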