SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability Network Vulnerability

Summary

SpamAssassin Milter Plugin is prone to a remote command- injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with root privileges. SpamAssassin Milter Plugin 0.3.1 is affected other versions may also be vulnerable.

References

http://savannah.nongnu.org/projects/spamass-milt/
http://seclists.org/fulldisclosure/2010/Mar/140
http://www.securityfocus.com/bid/38578

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1132
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Sendmail 8.7.*/8.8.* local overflow
SendMail Mail Relay Vulnerability
Sendmail DEBUG
IPSwitch IMail SMTP Buffer Overflow
Mail relaying (thorough test)

Take action and discover your vulnerabilities