FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

spamass-milter -- remote command execution vulnerability

Affected packages
spamass-milter <= 0.3.1_8

Details

VuXML ID 7132c842-58e2-11df-8d80-0015587e2cc1
Discovery 2010-03-07
Entry 2010-05-06

The spamassassin milter plugin contains a vulnerability that can allow remote attackers to execute commands on affected systems.

The vulnerability can be exploited through a specially crafted email header when the plugin was started with the '-x' (expand) flag.

References

CVE Name CVE-2010-1132
URL http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
URL http://xforce.iss.net/xforce/xfdb/56732