Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | New spamass-milter packages fix regression |
| Informations | |||
|---|---|---|---|
| Name | DSA-2021 | First vendor Publication | 2010-03-22 |
| Vendor | Debian | Last vendor Modification | 2010-04-26 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The latest DSA for spamass-milter introduced a regression: when running spamass-milter with -x, a zombie process is left around for every mail received. This update corrects this problem. For reference, the original advisory text is provided below. It was discovered a missing input sanitization in spamass-milter, a milter used to filter mail through spamassassin. This allows a remote attacker to inject and execute arbitrary shell commands. For the stable distribution (lenny), this problem has been fixed in version 0.3.1-8+lenny2. For the testing (squeeze) and unstable (sid) distribution this problem has been fixed in version 0.3.1-9. We recommend that you upgrade your spamass-milter package. |
Original Source
| Url : http://www.debian.org/security/2010/dsa-2021 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 13 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
| 9 % | CWE-20 | Improper Input Validation |
| 7 % | CWE-532 | Information Leak Through Log Files |
| 7 % | CWE-200 | Information Exposure |
| 5 % | CWE-269 | Improper Privilege Management |
| 4 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25) |
| 4 % | CWE-427 | Uncontrolled Search Path Element |
| 4 % | CWE-306 | Missing Authentication for Critical Function (CWE/SANS Top 25) |
| 4 % | CWE-295 | Certificate Issues |
| 4 % | CWE-287 | Improper Authentication |
| 4 % | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| 4 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
| 2 % | CWE-782 | Exposed IOCTL with Insufficient Access Control (CWE/SANS Top 25) |
| 2 % | CWE-757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
| 2 % | CWE-755 | Improper Handling of Exceptional Conditions |
| 2 % | CWE-639 | Access Control Bypass Through User-Controlled Key |
| 2 % | CWE-613 | Insufficient Session Expiration |
| 2 % | CWE-611 | Information Leak Through XML External Entity File Disclosure |
| 2 % | CWE-522 | Insufficiently Protected Credentials (CWE/SANS Top 25) |
| 2 % | CWE-502 | Deserialization of Untrusted Data |
| 2 % | CWE-426 | Untrusted Search Path |
| 2 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 2 % | CWE-331 | Insufficient Entropy |
| 2 % | CWE-330 | Use of Insufficiently Random Values |
| 2 % | CWE-321 | Use of Hard-coded Cryptographic Key |
| 2 % | CWE-312 | Cleartext Storage of Sensitive Information |
| 2 % | CWE-203 | Information Exposure Through Discrepancy |
| 2 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
| 2 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 2 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-14 | Name : FreeBSD Ports: spamass-milter File : nvt/freebsd_spamass-milter.nasl |
| 2010-04-09 | Name : Fedora Update for spamass-milter FEDORA-2010-5096 File : nvt/gb_fedora_2010_5096_spamass-milter_fc12.nasl |
| 2010-04-09 | Name : Fedora Update for spamass-milter FEDORA-2010-5176 File : nvt/gb_fedora_2010_5176_spamass-milter_fc11.nasl |
| 2010-03-15 | Name : SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injectio... File : nvt/gb_spamassassin_milter_38578.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 62809 | SpamAssassin Milter Plugin spamass-milter.cpp mlfi_envrcpt Function Arbitrary... SpamAssassin Milter Plugin contains a flaw that allows a remote attacker to execute arbitrary commands with root privileges. The issue is due to the plugin not properly sanitizing user input passed to the mlfi_envrcpt() function which calls the popen() function. |
Metasploit Database
| id | Description |
|---|---|
| 2021-05-04 | Dell DBUtil_2_3.sys IOCTL memmove |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5096.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5112.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5176.nasl - Type : ACT_GATHER_INFO |
| 2010-05-07 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7132c84258e211df8d800015587e2cc1.nasl - Type : ACT_GATHER_INFO |
| 2010-03-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2021.nasl - Type : ACT_GATHER_INFO |
| 2010-03-09 | Name : Arbitrary commands can be executed on the remote SMTP server. File : spamass_milter.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2021-05-14 21:23:08 |
|
| 2014-02-17 11:29:20 |
|
