FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bogofilter -- RFC 2047 decoder denial-of-service vulnerability

Affected packages
0.17.4 <= bogofilter < 0.92.8
0.17.4 <= bogofilter-qdbm < 0.92.8
0.17.4 <= bogofilter-tdb < 0.92.8
0.17.4 <= ru-bogofilter < 0.92.8

Details

VuXML ID f4428842-a583-4a4c-89b7-297c3459a1c3
Discovery 2004-10-09
Entry 2004-10-26
Modified 2004-11-03

The bogofilter team has been provided with a test case of a malformatted (non-conformant) RFC-2047 encoded word that can cause bogofilter versions 0.92.7 and prior to try to write a NUL byte into a memory location that is either one byte past the end of a flex buffer or to a location that is the negative of the encoded word's start of payload data, causing a segmentation fault.

References

CVE Name CVE-2004-1007
FreeBSD PR 73144
Message 20041008143604.GA14934@scowler.net
Message m3r7o892vj.fsf@merlin.emma.line.org
URL http://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01
URL http://bugs.debian.org/275373