bogofilter-SA-2005-01

Topic:		two vulnerabilities in bogofilter and bogolexer < 0.96.2

Announcement:	bogofilter-SA-2005-01
Writer:		Matthias Andree
Version:	1.00
CVE ID:		XXX
Announced:	XXX
Category:	vulnerability
Type:		segmentation fault through malformed input
Impact:		denial of service, heap corruption
Credits:	David Relson, Clint Adams
Danger:		medium
URL:		http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01

Affected:	bogofilter (stable)  0.96.2 and older

Not affected:	bogofilter 0.96.3 and newer
		bogofilter 0.96.6
		bogofilter 1.0.*

Corrected:	2005-10-22  committed corrected version to CVS repo
		2005-10-26  bogofilter 0.96.3 released as "current"
		2005-11-19  bogofilter 0.96.6 declared    "stable"
		2005-12-01  bogofilter 1.0.0  released

References:	


1. Background
=============

Bogofilter is a software package that classifies mail as spam or
non-spam.  It uses a database to store words and must be trained on
which mail is spam and which is non-spam. It uses the probabilities of
individual words to classify a message.

The bugs were found in development "stable" releases before 1.0.0, so
it was not researched when the bugs were introduced. All users
should migrate to bogofilter 1.0.0 or newer.

2. Problem description
======================

Two security-relevant bugs were found in bogofilter 0.96.2 and fixed in
0.96.3:

i.   In some circumstances, bogofilter overran a malloc()'d buffer
     while converting character sets with untrusted data. The only
     observed problem so far was a crash, but we cannot rule out that
     code injection was possible.

ii.  In some circumstances, bogofilter would read past the end of a
     buffer, causing a program crash.
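
The bug class in item i, seen from the defensive side, as an added
example (not bogofilter's code or its fix): a charset conversion that
tells the converter exactly how much output space remains and grows
the buffer when it fills. It assumes POSIX iconv(3), which this
advisory does not name; convert_bounded and its parameters are
hypothetical.

```c
#include <errno.h>
#include <iconv.h>
#include <stdlib.h>

/* Added example, not bogofilter code. Converts inlen bytes of untrusted
 * input from charset `from` to charset `to`. Returns a malloc()'d buffer
 * (caller frees) with its length in *outlen, or NULL if the input is
 * malformed or truncated, the charset is unknown, or memory runs out.
 * `initial` is the starting output capacity and may be too small. */
char *convert_bounded(const char *from, const char *to, const char *in,
                      size_t inlen, size_t initial, size_t *outlen)
{
    iconv_t cd = iconv_open(to, from);
    if (cd == (iconv_t)-1)
        return NULL;

    size_t cap = initial ? initial : 16, used = 0, inleft = inlen;
    char *out = malloc(cap);
    char *inp = (char *)in;      /* iconv() does not write through this */
    char **src = &inp;           /* set to NULL for the final flush call */

    while (out != NULL) {
        /* Tell iconv() exactly how much room is left, never more. */
        char *outp = out + used;
        size_t outleft = cap - used;
        size_t rc = iconv(cd, src, src ? &inleft : NULL, &outp, &outleft);
        used = (size_t)(outp - out);

        if (rc != (size_t)-1) {
            if (src == NULL)
                break;           /* flush finished: conversion complete */
            src = NULL;          /* input consumed: emit any shift state */
            continue;
        }
        /* E2BIG means "output full": grow and resume. EILSEQ (invalid
         * sequence) and EINVAL (truncated sequence) reject the input. */
        char *bigger = NULL;
        if (errno == E2BIG && cap <= (size_t)-1 / 2)
            bigger = realloc(out, cap * 2);
        if (bigger == NULL) {
            free(out);
            out = NULL;
            break;
        }
        out = bigger;
        cap *= 2;
    }
    iconv_close(cd);
    if (out != NULL)
        *outlen = used;
    return out;
}
```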

3. Impact
=========

Bogofilter crashed or corrupted its heap.

4. Workaround
=============

No reasonable workaround is known at this time.

5. Solution
===========

Upgrade your bogofilter to version 1.0.0 (or a newer release).

bogofilter is available from SourceForge:

https://sourceforge.net/project/showfiles.php?group_id=62265

A. Copyright, License and Warranty
==================================

(C) Copyright 2005 by Matthias Andree, <matthias.andree@gmx.de>.
Some rights reserved.

This work is licensed under the Creative Commons
Attribution-NonCommercial-NoDerivs German License. To view a copy of
this license, visit http://creativecommons.org/licenses/by-nc-nd/2.0/de/
or send a letter to Creative Commons; 559 Nathan Abbott Way;
Stanford, California 94305; USA.

THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES.
Use the information herein at your own risk.


END of bogofilter-SA-2005-01
