SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability Network Vulnerability

Summary

SpamAssassin Milter Plugin is prone to a remote command- injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with root privileges. SpamAssassin Milter Plugin 0.3.1 is affected other versions may also be vulnerable.

References

http://savannah.nongnu.org/projects/spamass-milt/
http://seclists.org/fulldisclosure/2010/Mar/140
http://www.securityfocus.com/bid/38578

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1132

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

GNU glibc Remote Heap Buffer Overflow Vulnerability (Exim)
Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability
Generic SMTP overflows
Sendmail long debug local overflow
Mail relaying (thorough test)

Take action and discover your vulnerabilities