|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200703-02] SpamAssassin: Long URI Denial of Service Vulnerability Scan
Vulnerability Scan Summary SpamAssassin: Long URI Denial of Service
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200703-02
(SpamAssassin: Long URI Denial of Service)
SpamAssassin does not correctly handle very long URIs when scanning
emails.
Impact
A possible hacker could cause SpamAssassin to consume large amounts of CPU
and memory resources by sending one or more emails containing very long
URIs.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0451
Solution:
All SpamAssassin users should upgrade to the latest version.
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.8"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|