Gentoo: 200302-01 Critical: Mail-SpamAssassin Remote Code Execution Risk
gentoo
February 2, 2003
An attacker may be able to execute arbitrary code by sending a specially crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode.
Summary
- -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200302-01 - -------------------------------------------------------------------- DATE : 2003-02-02 13:25 UTC
- --------------------------------------------------------------------
From advisory:
"Attacker may be able to execute arbitrary code by sending a specially crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode (-B option). Versions from 2.40 to 2.43 are affected."
Read the full advisory at http://marc.theaimsgroup.com/?l=bugtraq&m=104342896818777&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running dev-perl/Mail-SpamAssasin to Mail-SpamAssasin-2.44 as follows:
emerge sync emerge -u Mail-SpamAssasin emerge clean
- -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - --------------------------------------------------------------------
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : Mail-SpamAssasin
SUMMARY : arbitrary code execution
EXPLOIT : remote
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!