FreeBSD Local Security Checks : FreeBSD Ports: spamass-milter

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67391

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: spamass-milter

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: spamass-milter

CVE-2010-1132
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter
Plugin 0.3.1, when using the expand option, allows remote attackers to
execute arbitrary system commands via shell metacharacters in the RCPT
TO field of an email message.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1132
BugTraq ID: 38578
http://www.securityfocus.com/bid/38578
Debian Security Information: DSA-2021 (Google Search)
http://www.debian.org/security/2010/dsa-2021
http://www.exploit-db.com/exploits/11662
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
http://osvdb.org/62809
http://www.securitytracker.com/id?1023691
http://secunia.com/advisories/38840
http://secunia.com/advisories/38956
http://secunia.com/advisories/39265
http://www.vupen.com/english/advisories/2010/0559
http://www.vupen.com/english/advisories/2010/0683
http://www.vupen.com/english/advisories/2010/0837
XForce ISS Database: spamassassin-expand-command-execution(56732)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56732

Copyright Copyright (C) 2010 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67391
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: spamass-milter
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: spamass-milter CVE-2010-1132 The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1132 BugTraq ID: 38578 http://www.securityfocus.com/bid/38578 Debian Security Information: DSA-2021 (Google Search) http://www.debian.org/security/2010/dsa-2021 http://www.exploit-db.com/exploits/11662 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.html http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html http://osvdb.org/62809 http://www.securitytracker.com/id?1023691 http://secunia.com/advisories/38840 http://secunia.com/advisories/38956 http://secunia.com/advisories/39265 http://www.vupen.com/english/advisories/2010/0559 http://www.vupen.com/english/advisories/2010/0683 http://www.vupen.com/english/advisories/2010/0837 XForce ISS Database: spamassassin-expand-command-execution(56732) https://exchange.xforce.ibmcloud.com/vulnerabilities/56732
Copyright	Copyright (C) 2010 E-Soft Inc.