oss-sec mailing list archives

CVE Request -- SpamAssassin Mail Filter -- arbitrary shell command injection (priv esc)

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 10 Mar 2010 12:03:03 +0100

Hi Steve, vendors,

  Security researcher called "Kingcope" pointed out:
  [1] http://lists.grok.org.uk/pipermail/full-disclosure/2010-March/073489.html

  a deficiency in the way Mail Filter plugin for the SpamAssassin
  spam filter sanitized certain mail header field, when spamass-milter
  was run with the expand flag (-x option).

  Affected versions:
    Flaw reported against v0.3.1. Others may be also affected.

  References:
    [2] http://secunia.com/advisories/38840/
    [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573228

  Could you allocate CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- SpamAssassin Mail Filter -- arbitrary shell command injection (priv esc) Jan Lieskovsky (Mar 10)
- Re: CVE Request -- SpamAssassin Mail Filter -- arbitrary shell command injection (priv esc) Steven M. Christey (Mar 26)