[Secure-testing-team] Re: Bug#332259: spampd fails with 'Error in
process_request': Modification of read-only variable in Syslog.pm
Sven Mueller
sven at incase.de
Wed Oct 5 20:25:30 UTC 2005
Package spampd
Tags 332259 +security
Severity 332259 critical
Thanks
Richard Wohlstadter wrote on 05/10/2005 16:56:
I will look into this issue as soon as possible, but due to some
technical difficulties, I might not get a chance to actually do so until
Tue, Oct. 18th 05.
I see this issue as a security issue (Denial of service), but if I don't
get to dig into the issue tomorrow, it is likely that I'm cut off from
the net until Tuesday after next.
Regards,
Sven
CC'ed the security and testing-security teams on this. Will try to give
feedback on wether or not I will be able to fix this in time tomorrow.
> Package: spampd
> Version: 2.20-9
>
> When processing an email with the following message id:
>
> Message-ID: <BF68565C.761C%mneff at biology2.wustl.edu>
>
> spampd would fail to process throwing the following error:
>
> Oct 4 16:38:29 linuscs32 spampd[30364]: WARNING!! Error in
> process_request eval block: Modification of a read-only value attempted
> at /usr/lib/perl/5.8/Sys/Syslog.pm line 312, <_GEN_18> line 67
>
> I removed the %(percent) sign from the message id and it worked so I
> assume having a % in the message id is causing the problem. Possibly an
> issue with syslog.pm using printf and misinterpreting the %??
>
> I am on Debian Sarge, vanilla kernel 2.6.10 and libc6 2.3.2.ds1-22
>
> Rich Wohlstadter
> GSC, Washington U. of St. Louis
>
More information about the Secure-testing-team
mailing list