Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 129337 - CAN-2004-0796 DOS attack open to certain malformed messages
CAN-2004-0796 DOS attack open to certain malformed messages
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: spamassassin (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Warren Togami
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-08-06 12:55 EDT by Josh Bressers
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-19 20:08:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
RHEL3 spamassassin patch (6.10 KB, patch)
2004-08-19 18:00 EDT, Josh Bressers 		no flags Details | Diff
Compressed POC message (13.07 KB, application/x-gzip)
2004-08-19 18:03 EDT, Josh Bressers 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:451 normal SHIPPED_LIVE Important: spamassassin security update 2004-09-30 00:00:00 EDT

  None (edit)
Description Josh Bressers 2004-08-06 12:55:30 EDT 
Release of new Upstream-Version 2.64

Summary of major changes since 2.63
- -----------------------------------
  - Security fix prevents a denial of service attack open to certain
    malformed messages; this DoS affects all SpamAssassin 2.5x
    and 2.6x versions to date.
  - Backported several very reliable rules from the SpamAssassin 3.0.0
    codebase.

FC[12] are handled by bug 129284

RHEL2.1 does not contain spamassassin, therefore is not affected.
Comment 1 Josh Bressers 2004-08-19 17:56:25 EDT 
OK, I have found the upstream fix for this DOS.  Here's the output of
my demo file

Fixed
cat 999  0.00s user 0.01s system 1% cpu 0.766 total
spamassassin  8.48s user 0.60s system 37% cpu 24.460 total

Not Fixed
cat 999  0.00s user 0.02s system 2% cpu 0.939 total
spamassassin  150.75s user 1.37s system 95% cpu 2:38.95 total

I'll attach the patch against the 3.0E src.rpm along with the demo file.
Comment 2 Josh Bressers 2004-08-19 18:00:10 EDT 
Created attachment 102901 [details]
RHEL3 spamassassin patch
Comment 3 Josh Bressers 2004-08-19 18:03:29 EDT 
Created attachment 102902 [details]
Compressed POC message

This message is 5 megs when uncompressed, so I opted to gzip it for sanity's
sake.
Comment 4 Josh Bressers 2004-08-25 09:40:00 EDT 
This is going to be RHSA-2004:451
Comment 6 Josh Bressers 2004-09-30 10:23:50 EDT 
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-451.html
Comment 7 Pekka Savola 2004-12-19 13:06:20 EST 
It seems the patch may be incomplete.  It seems to be missing a change
to lib/Mail/SpamAssassin/Bayes.pm - tokenize_headers() was also
patched in 2.64 (vs the diff to 2.63).

I fear here may lurk a slightly different attack vector, but I have
not analyzed this in detail.

See comment #2 at https://bugzilla.fedora.us/show_bug.cgi?id=2268 for
more.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.