|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200506-17] SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability Vulnerability Scan
Vulnerability Scan Summary
SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200506-17
(SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability)
SpamAssassin and Vipul's Razor contain a Denial of Service
vulnerability when handling special misformatted long message headers.
Impact
By sending a specially crafted message a possible hacker could cause a
Denial of Service attack against the SpamAssassin/Vipul's Razor server.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1266
http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288@proton.pathname.com%3e
http://sourceforge.net/mailarchive/forum.php?thread_id=7520323&forum_id=4259
Solution:
All SpamAssassin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.0.4"
All Vipul's Razor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/razor-2.71"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
