Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-1132 | First vendor Publication | 2010-03-27 |
| Vendor | Cve | Last vendor Modification | 2017-08-17 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1132 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-14 | Name : FreeBSD Ports: spamass-milter File : nvt/freebsd_spamass-milter.nasl |
| 2010-04-09 | Name : Fedora Update for spamass-milter FEDORA-2010-5096 File : nvt/gb_fedora_2010_5096_spamass-milter_fc12.nasl |
| 2010-04-09 | Name : Fedora Update for spamass-milter FEDORA-2010-5176 File : nvt/gb_fedora_2010_5176_spamass-milter_fc11.nasl |
| 2010-03-15 | Name : SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injectio... File : nvt/gb_spamassassin_milter_38578.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 62809 | SpamAssassin Milter Plugin spamass-milter.cpp mlfi_envrcpt Function Arbitrary... SpamAssassin Milter Plugin contains a flaw that allows a remote attacker to execute arbitrary commands with root privileges. The issue is due to the plugin not properly sanitizing user input passed to the mlfi_envrcpt() function which calls the popen() function. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5096.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5112.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5176.nasl - Type : ACT_GATHER_INFO |
| 2010-05-07 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7132c84258e211df8d800015587e2cc1.nasl - Type : ACT_GATHER_INFO |
| 2010-03-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2021.nasl - Type : ACT_GATHER_INFO |
| 2010-03-09 | Name : Arbitrary commands can be executed on the remote SMTP server. File : spamass_milter.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:11:27 |
|
| 2021-04-22 01:11:54 |
|
| 2020-05-23 00:25:30 |
|
| 2017-08-17 09:22:57 |
|
| 2016-06-28 18:06:10 |
|
| 2016-04-26 19:41:31 |
|
| 2014-02-17 10:54:24 |
|
| 2013-05-10 23:21:10 |
|
