which_access open -> closed
who_access open -> closed
max_which_hits 0 -> 1
Those would allow a spammer to harvest all subscriber addresses
if not changed by the list admin. Reported on
http://online.securityfocus.com/archive/1/310113/2003-02-03/2003-02-09/0
Don't restrict the which arguments as the article suggests, though,
because with which_access list and max_which_hits 1, there's no
reason to destroy a useful command.
--
Security Fix
This version fixes a buffer overflow with the rarely used
option 'progress=2' (triggered by long attachment names)
and some other buffer overflows, and disables the "mail" program
by default.
Fixes a segfault with headers encoded as quoted-printable,
fixes the expires option to work in incremental mode, and adds
delete_older and delete_newer options to limit the archive by date.
brad@ ok
---cut---
Well, I was going to wait until the 2.50 release, but it seems to be taking a
while, and this likely affects only a few installations. Besides, it's been in
their public bugzilla for over a month. So:
Attacker may be able to execute arbitrary code by sending a specially
crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode
(-B option). Versions from 2.40 to 2.43 are affected.
Exim users especially should check if they're affected, the -B option is
used in several Exim+SpamAssassin HOWTOs.
The problem is with escaping '.' characters at the beginning of lines.
Off-by-one bounds checking error allows writing '.' character past a
buffer, overwriting the stack frame address. Depending on system this may
be exploitable. The pre-built Debian unstable/x86 package wasn't vulnerable;
my self-compiled one was.
---cut---
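As an added illustration of the class of bug described in the quoted advisory (this is not spamc's code and does not reproduce the bug; the function names, buffer sizes and sample message are assumptions), the following shows the bounds check a BSMTP dot-stuffing routine needs. A line beginning with '.' is sent as "..", so the escaped copy can grow by one byte per line; a check sized only for the input bytes lets the inserted '.' land one past the end of the buffer, which is exactly the shape of an off-by-one. Here every write, including the inserted '.', is checked against the real output size, and room is kept for the terminating NUL.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not spamc's code: BSMTP dot-stuffing with a full
 * bounds check. Returns the number of bytes written (excluding the NUL)
 * or -1 when `out` is too small for the escaped copy plus its NUL.
 */
long dot_stuff(const char *in, size_t inlen, char *out, size_t outsz)
{
    size_t o = 0;
    int at_bol = 1;                     /* at beginning of a line */

    for (size_t i = 0; i < inlen; i++) {
        if (at_bol && in[i] == '.') {
            if (o + 1 >= outsz)         /* no room for the extra '.' plus NUL */
                return -1;
            out[o++] = '.';
        }
        if (o + 1 >= outsz)             /* no room for this byte plus NUL */
            return -1;
        out[o++] = in[i];
        at_bol = (in[i] == '\n');
    }
    if (o >= outsz)                     /* only reachable when outsz == 0 */
        return -1;
    out[o] = '\0';
    return (long)o;
}

/* Output size this input actually needs: one extra byte for every line
 * that starts with '.', plus the terminating NUL. */
size_t dot_stuff_needed(const char *in, size_t inlen)
{
    size_t extra = 0;
    int at_bol = 1;
    for (size_t i = 0; i < inlen; i++) {
        if (at_bol && in[i] == '.')
            extra++;
        at_bol = (in[i] == '\n');
    }
    return inlen + extra + 1;
}

int main(void)
{
    /* constructed sample: two of the three lines start with '.' */
    const char msg[] = "hello\n.hidden\n.\n";
    size_t inlen = sizeof msg - 1;
    char small[sizeof msg];             /* sized for the input only: too small */
    char big[sizeof msg + 2];           /* sized for the escaped copy */
    long n;

    printf("need %zu bytes\n", dot_stuff_needed(msg, inlen));
    n = dot_stuff(msg, inlen, small, sizeof small);
    printf("input-sized buffer: %ld\n", n);
    n = dot_stuff(msg, inlen, big, sizeof big);
    printf("properly sized buffer: %ld\n%s", n, big);
    return 0;
}
```

Build with `cc dot_stuff.c` and run: the input-sized buffer is refused with -1 instead of being written one byte past its end, while the buffer sized by dot_stuff_needed() takes the escaped text.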
--
relaydb is a mail header analyzer that builds a database of IP addresses
either known as legitimate senders or spammers.
relaydb doesn't itself classify mails as legitimate or spam; that decision
needs to be reached through other means. Neither does relaydb block
spam itself. It merely provides a list of IP addresses to block through
other means, like spamd(8) and pf(4).
relaydb reads a single mail from stdin, analyzes the Received: header
lines and updates blacklist and whitelist counters for each IP address.
WWW: http://www.benzedrine.cx/relaydb.html
Initial version submitted to dhartmei@ who came back to me with this.
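An added illustration of the header walk described above, not relaydb's own code: the names relay_table, relaydb_update, relaydb_count and the sample message are assumptions. The caller supplies the spam/legitimate verdict; the code only reads the Received: fields (folded continuation lines included), takes the first bracketed IPv4 relay address of each field and bumps that address's white or black counter, ignoring anything in the body.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Added illustration of a relaydb-style analyzer, not relaydb's own code;
 * the names below are assumptions. */
#define MAX_RELAYS 64
struct relay { char ip[16]; int white; int black; };
static struct relay relay_table[MAX_RELAYS];
static int nrelays;

/* Counter record for ip, created on first sight; NULL if the table is full. */
static struct relay *relay_slot(const char *ip)
{
    for (int i = 0; i < nrelays; i++)
        if (strcmp(relay_table[i].ip, ip) == 0)
            return &relay_table[i];
    if (nrelays == MAX_RELAYS)
        return NULL;
    struct relay *r = &relay_table[nrelays++];
    snprintf(r->ip, sizeof r->ip, "%s", ip);
    r->white = r->black = 0;
    return r;
}

/* Write the first "[a.b.c.d]" found in line into ip; returns 1 on success. */
static int bracketed_ipv4(const char *line, char *ip, size_t ipsz)
{
    unsigned a, b, c, d;
    char close;
    for (const char *p = strchr(line, '['); p; p = strchr(p + 1, '[')) {
        if (sscanf(p, "[%3u.%3u.%3u.%3u%c", &a, &b, &c, &d, &close) == 5 &&
            close == ']' && a < 256 && b < 256 && c < 256 && d < 256) {
            snprintf(ip, ipsz, "%u.%u.%u.%u", a, b, c, d);
            return 1;
        }
    }
    return 0;
}

/* Walk the headers of msg (up to the first empty line); for each Received:
 * field, folded continuation lines included, count its first bracketed IPv4
 * address as black (spam != 0) or white. Returns the number counted. */
int relaydb_update(const char *msg, int spam)
{
    int counted = 0, in_received = 0, field_done = 0;
    char buf[1024], ip[16];

    for (const char *line = msg; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0 || (len == 1 && *line == '\r'))
            break;                              /* end of headers, body ignored */
        if (len >= sizeof buf)
            len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (buf[0] != ' ' && buf[0] != '\t') {  /* a new header field starts */
            in_received = strncasecmp(buf, "Received:", 9) == 0;
            field_done = 0;
        }
        if (in_received && !field_done && bracketed_ipv4(buf, ip, sizeof ip)) {
            struct relay *r = relay_slot(ip);
            if (r) {
                if (spam) r->black++; else r->white++;
                counted++;
            }
            field_done = 1;                     /* one relay per Received: */
        }
        if (!eol)
            break;
        line = eol + 1;
    }
    return counted;
}

/* Black count (spam != 0) or white count for ip; 0 if never seen. */
int relaydb_count(const char *ip, int spam)
{
    for (int i = 0; i < nrelays; i++)
        if (strcmp(relay_table[i].ip, ip) == 0)
            return spam ? relay_table[i].black : relay_table[i].white;
    return 0;
}

/* Constructed sample message; the hosts and addresses are made up. */
const char *sample_spam =
    "Received: from mx2.example.net (mx2.example.net [192.0.2.10])\n"
    "\tby mail.example.org with ESMTP; Mon, 3 Feb 2003 10:00:00 +0100\n"
    "Received: from [203.0.113.7] (helo=pc) by mx2.example.net\n"
    "Subject: test\n\n"
    "body text with [198.51.100.1], which is not a relay\n";

int main(void)
{
    printf("counted %d relay addresses\n", relaydb_update(sample_spam, 1));
    for (int i = 0; i < nrelays; i++)
        printf("%s white=%d black=%d\n", relay_table[i].ip,
               relay_table[i].white, relay_table[i].black);
    return 0;
}
```

One caveat worth keeping in mind with any tool of this kind: only the Received: lines added by your own MTAs are trustworthy, since everything below them was written by the sender and can be forged, so a production database should weight or stop at the first hop you control.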