Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title New spamass-milter packages fix regression
Informations
Name DSA-2021 First vendor Publication 2010-03-22
Vendor Debian Last vendor Modification 2010-04-26
Severity (Vendor) N/A Revision 2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The latest DSA for spamass-milter introduced a regression: when running spamass-milter with -x, a zombie process is left around for every mail received. This update corrects this problem. For reference, the original advisory text is provided below.

It was discovered a missing input sanitization in spamass-milter, a milter used to filter mail through spamassassin. This allows a remote attacker to inject and execute arbitrary shell commands.

For the stable distribution (lenny), this problem has been fixed in version 0.3.1-8+lenny2.

For the testing (squeeze) and unstable (sid) distribution this problem has been fixed in version 0.3.1-9.

We recommend that you upgrade your spamass-milter package.

Original Source

Url : http://www.debian.org/security/2010/dsa-2021

CWE : Common Weakness Enumeration

% Id Name
13 % CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)
9 % CWE-200 Information Exposure
9 % CWE-20 Improper Input Validation
7 % CWE-532 Information Leak Through Log Files
7 % CWE-269 Improper Privilege Management
4 % CWE-732 Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)
4 % CWE-427 Uncontrolled Search Path Element
4 % CWE-306 Missing Authentication for Critical Function (CWE/SANS Top 25)
4 % CWE-295 Certificate Issues
4 % CWE-287 Improper Authentication
4 % CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
4 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
2 % CWE-755 Improper Handling of Exceptional Conditions
2 % CWE-611 Information Leak Through XML External Entity File Disclosure
2 % CWE-522 Insufficiently Protected Credentials (CWE/SANS Top 25)
2 % CWE-502 Deserialization of Untrusted Data
2 % CWE-426 Untrusted Search Path
2 % CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2 % CWE-330 Use of Insufficiently Random Values
2 % CWE-312 Cleartext Storage of Sensitive Information
2 % CWE-203 Information Exposure Through Discrepancy
2 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
2 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
2 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 21
Application 2
Application 1
Application 6
Application 1
Application 2
Application 11
Application 3
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 22
Application 1
Application 5
Application 1
Application 1
Application 1
Application 3
Application 27
Application 1
Application 1
Application 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 2
Os 2
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 8
Os 2
Os 2
Os 2
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 2
Os 2
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 1
Os 1
Os 2
Os 2
Os 1
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 2
Os 1
Os 1
Os 1
Os 2
Os 2
Os 2
Os 2
Os 2
Os 1
Os 1
Os 1
Os 1
Os 2
Os 2
Os 1
Os 1
Os 2
Os 1
Os 1
Os 2
Os 1
Os 2
Os 1
Os 1
Os 1
Os 2
Os 2
Os 1
Os 2
Os 1
Os 2
Os 2
Os 2
Os 2
Os 2
Os 1
Os 2
Os 2
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 2
Os 1
Os 2
Os 1
Os 2
Os 2
Os 2
Os 1
Os 1
Os 1
Os 2
Os 2
Os 2
Os 1
Os 1
Os 1
Os 2
Os 2
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 1
Os 1
Os 1
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 1
Os 2
Os 2
Os 2
Os 2
Os 1
Os 3
Os 2
Os 2
Os 2
Os 2
Os 2
Os 3
Os 2
Os 2
Os 2
Os 1
Os 2
Os 1
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 2
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 2
Os 2
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 2
Os 1
Os 1
Os 2
Os 2
Os 2
Os 2
Os 2
Os 2
Os 1
Os 1
Os 1
Os 2
Os 1
Os 2
Os 2
Os 1
Os 1
Os 2
Os 1
Os 2
Os 2
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 10

OpenVAS Exploits

Date Description
2010-05-14 Name : FreeBSD Ports: spamass-milter
File : nvt/freebsd_spamass-milter.nasl
2010-04-09 Name : Fedora Update for spamass-milter FEDORA-2010-5096
File : nvt/gb_fedora_2010_5096_spamass-milter_fc12.nasl
2010-04-09 Name : Fedora Update for spamass-milter FEDORA-2010-5176
File : nvt/gb_fedora_2010_5176_spamass-milter_fc11.nasl
2010-03-15 Name : SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injectio...
File : nvt/gb_spamassassin_milter_38578.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62809 SpamAssassin Milter Plugin spamass-milter.cpp mlfi_envrcpt Function Arbitrary...

SpamAssassin Milter Plugin contains a flaw that allows a remote attacker to execute arbitrary commands with root privileges. The issue is due to the plugin not properly sanitizing user input passed to the mlfi_envrcpt() function which calls the popen() function.

Metasploit Database

id Description
2021-05-04 Dell DBUtil_2_3.sys IOCTL memmove

Nessus® Vulnerability Scanner

Date Description
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5096.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5112.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5176.nasl - Type : ACT_GATHER_INFO
2010-05-07 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_7132c84258e211df8d800015587e2cc1.nasl - Type : ACT_GATHER_INFO
2010-03-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2021.nasl - Type : ACT_GATHER_INFO
2010-03-09 Name : Arbitrary commands can be executed on the remote SMTP server.
File : spamass_milter.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2021-05-14 21:23:08
  • Multiple Updates
2014-02-17 11:29:20
  • Multiple Updates