
CVE-2010-1132
Date: (C)2010-03-27   (M)2023-12-22


The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1023691
EXPLOIT-DB-11662
http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
BID-38578
SECUNIA-38840
SECUNIA-38956
SECUNIA-39265
OSVDB-62809
ADV-2010-0559
ADV-2010-0683
ADV-2010-0837
DSA-2021
FEDORA-2010-5096
FEDORA-2010-5112
FEDORA-2010-5176
http://bugs.debian.org/573228
https://bugzilla.redhat.com/show_bug.cgi?id=572117
https://savannah.nongnu.org/bugs/?29136
spamassassin-expand-command-execution(56732)

CWE    1
CWE-78
OVAL    4
oval:org.secpod.oval:def:100442
oval:org.secpod.oval:def:101066
oval:org.secpod.oval:def:100130
oval:org.mitre.oval:def:6723
...

© SecPod Technologies