Bug 611551 (CVE-2010-2494)

Summary: CVE-2010-2494 bogofilter: array index underflow/OOB write via invalid input
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: adrian
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-06-15 21:38:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 611552    
Bug Blocks:    

Description Vincent Danen 2010-07-05 15:01:40 UTC 
A flaw was found in bogofilter's/bogolexer's base64 where it could overwrite memory before its heap buffer, if the base64 input started with an equals sign, such as through misdeclaration of quoted-printable as base64.  This would cause bogofilter/bogolexer to corrupt their heap and crash upon receiving such an email message.

Something is wrong with the bogofilter home page, the original referenced advisory [1] is currently unavailable, however a copy in svn [2] is.  This will also be corrected in upstream version 1.2.2; a patch [3] is available.  Please note that upstream version 1.2.2 is not yet available.

References:

[1] http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
[2] http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?view=markup&pathrev=6909
[3] http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903


This affects bogofilter as shipped in Fedora 12 and 13, as well as EPEL5.
Comment 1 Vincent Danen 2010-07-05 15:02:44 UTC 
Created bogofilter tracking bugs for this issue

Affects: fedora-all [bug 611552]
Comment 2 Vincent Danen 2010-07-06 21:47:18 UTC 
This has been given the name CVE-2010-2494.
Comment 3 Vincent Danen 2011-06-15 21:38:44 UTC 
bogofilter 1.2.2 is in all current versions of Fedora.