Detections
Analytics

FreeBSD : bogofilter -- heap corruption through malformed input (92140bc9-7bde-11da-8ec4-0002b3b60e4c)

high Nessus Plugin ID 21475

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Matthias Andree reports :

When using Unicode databases (default in more recent bogofilter installations), upon encountering invalid input sequences, bogofilter or bogolexer could overrun a malloc()'d buffer, corrupting the heap, while converting character sets. Bogofilter would usually be processing untrusted data received from the network at that time.

This problem was aggravated by an unrelated bug that made bogofilter process binary attachments as though they were text, and attempt charset conversion on them. Given the MIME default character set, US-ASCII, all input octets in the range 0x80...0xff were considered invalid input sequences and could trigger the heap corruption.

Solution

Update the affected package.

See Also

http://bogofilter.sourceforge.net/security/bogofilter-SA-2005-01

http://www.nessus.org/u?73b5e01b

Plugin Details

Severity: High

ID: 21475

File Name: freebsd_pkg_92140bc97bde11da8ec40002b3b60e4c.nasl

Version: 1.11

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:bogofilter, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/7/2006

Vulnerability Publication Date: 10/22/2005

Reference Information

CVE: CVE-2005-4591