oss-sec mailing list archives
CVE Request -- SpamAssassin Mail Filter -- arbitrary shell command injection (priv esc)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 10 Mar 2010 12:03:03 +0100
Hi Steve, vendors,

Security researcher called "Kingcope" pointed out:

  [1] http://lists.grok.org.uk/pipermail/full-disclosure/2010-March/073489.html

a deficiency in the way Mail Filter plugin for the SpamAssassin spam filter sanitized certain mail header field, when spamass-milter was run with the expand flag (-x option).

Affected versions:
Flaw reported against v0.3.1. Others may be also affected.

References:
  [2] http://secunia.com/advisories/38840/
  [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573228

Could you allocate CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- SpamAssassin Mail Filter -- arbitrary shell command injection (priv esc) Jan Lieskovsky (Mar 10)
- Re: CVE Request -- SpamAssassin Mail Filter -- arbitrary shell command injection (priv esc) Steven M. Christey (Mar 26)