About Us | Contact Us

 


 

VUPEN Free Resources
 
  VUPEN Security Advisories
 
  VUPEN Security Blog & News
  Zero-day Attacks Monitor
  Daily Security Mailinglist
  Explanation of Terms
  Advanced Search Engine
 
   

>> VUPEN Security / Public Mailing Lists Mirror


Assigned : VUPEN/ADV-2006-0161

From : Martin Pitt <martin.pitt at canonical.com>
Subject : [USN-240-1] bogofilter vulnerability
Date : 2006-01-11

Original Message

===========================================================
Ubuntu Security Notice USN-240-1 January 11, 2006
bogofilter vulnerability
CVE-2005-4591
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

bogofilter

The problem can be corrected by upgrading the affected package to
version 0.95.2-1ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A buffer overflow was found in bogofilter's character set conversion
handling. Certain invalid UTF-8 character sequences caused an invalid
memory access. By sending a specially crafted email, a remote attacker
could exploit this to crash bogofilter or possibly even execute
arbitrary code with bogofilter's privileges.


Source archives:

http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.95.2-1ubuntu1.1.diff.gz
Size/MD5: 10848 a3a01223665479ed500aee9b64d9669a
http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.95.2-1ubuntu1.1.dsc
Size/MD5: 638 bfedbfb65a22f9a482bfa1356a7bd761
http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.95.2.orig.tar.gz
Size/MD5: 866258 bdca7acd8cccff1976ab2ceab075830a

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_0.95.2-1ubuntu1.1_amd64.deb
Size/MD5: 291350 8173d4c3d9c06420655d6b50c43c5b44
http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-common_0.95.2-1ubuntu1.1_amd64.deb
Size/MD5: 136588 f9ce89c4857c0d764100a72e22620a28
http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.95.2-1ubuntu1.1_amd64.deb
Size/MD5: 942 c4583a7d5ed114d1b23bdda9dff0b7db

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_0.95.2-1ubuntu1.1_i386.deb
Size/MD5: 237316 62e0348f1907d35d2a990a2c69543fb6
http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-common_0.95.2-1ubuntu1.1_i386.deb
Size/MD5: 136590 acbfe94471e877359dc0e910d9be52eb
http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.95.2-1ubuntu1.1_i386.deb
Size/MD5: 944 58e0b7482f9bc1a885940bfbf5d4c2ff

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-bdb_0.95.2-1ubuntu1.1_powerpc.deb
Size/MD5: 272064 05edb162837021bbcde1d6a3c7b5f1b4
http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter-common_0.95.2-1ubuntu1.1_powerpc.deb
Size/MD5: 136574 404fc07951bb7e614a55f15f6be9460c
http://security.ubuntu.com/ubuntu/pool/main/b/bogofilter/bogofilter_0.95.2-1ubuntu1.1_powerpc.deb
Size/MD5: 946 a4fefa7122015cad56364bb27e29baeb

Disclaimer : VUPEN Security does not endorse the content of this message submitted by others to public mailinglists. Messages submitted to public mailinglists do not necessarily reflect the opinions or policies of VUPEN Security. VUPEN Security makes no warranties, express or implied, as to the content of the message in this page or the accuracy and reliability of any messages and other materials submitted to public mailinglists. Any questions or comments regarding this page should be sent to team@vupen.com

 

Monthly Statistics 

 

 VUPEN Security Advisories By Criticality: Sep 2010


  Critical Risk

 : 14%

  High Risk		 : 3%

  Moderate Risk		 : 45%

  Low Risk		 : 38%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.
 
 

Try VUPEN VNS 

 

 


© 2004-2010 VUPEN Security - Copyright - Privacy Policy