Bogofilter is a software package to determine if a mail on its standard input is SPAM or not. A vulnerability in the product allows local attackers to gain elevated privileges.
Credit:
The information has been provided by Matthias Andree.
Immune systems:
* Bogofilter version 0.9.0.3 and prior
* Bogofilter version 0.9.0.5 and newer
A vulnerability was found in the contrib/bogopass Perl program that was added to bogofilter as of the 0.9.0.4 beta release (date: 2002-11-27 23:04:28 UTC in CVS) with bogofilter, but is not installed by default.
The bogopass program creates temporary files with the name /tmp/bogopass.$$, where $$ is the process ID, with the open FH, ">file" syntax of Perl, which uses O_TRUNC mode, not O_EXCL.
Impact:
This vulnerability allows for anonymous file destruction or change, and might be abused to further escalate the privileges of the local attacker.
If bogopass is run by the root user, this may eventually lead to a complete system compromise.
Workaround:
Do not install or use the "bogopass" program that shipped with the vulnerable versions (see above) of bogofilter.
Solution:
Upgrade your bogofilter to version 0.9.0.5 beta, and reinstall the bogopass program. Make sure you delete all copies of the old version of bogopass.
Other hints:
Software that treats user input should not run as root if it can be avoided. When installing bogofilter for system-wide use, make sure that it runs as an unprivileged user to limit the impact of possible vulnerabilities.
