Debian DSA-2585-1 : bogofilter - buffer overflow

Severity: High (Nessus Plugin ID 63269)

Synopsis

The remote Debian host is missing a security-related update.

Description

A heap-based buffer overflow was discovered in bogofilter, a software package for classifying mail messages as spam or non-spam. Crafted mail messages with invalid base64 data could lead to heap corruption and, potentially, arbitrary code execution.

Solution

Upgrade the bogofilter packages.

For the stable distribution (squeeze), this problem has been fixed in version 1.2.2-2+squeeze1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695139

https://packages.debian.org/source/squeeze/bogofilter

https://www.debian.org/security/2012/dsa-2585

Plugin Details

Severity: High

ID: 63269

File Name: debian_DSA-2585.nasl

Version: 1.10

Type: local

Agent: unix

Published: 12/17/2012

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:bogofilter, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 12/11/2012

Reference Information

CVE: CVE-2012-5468

BID: 56804

DSA: 2585