The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.

CPE

Name | Operator | Version |
---|---|---|
spamassassin_milter_plugin | eq | 0.3.1 |

archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
bugs.debian.org/573228
osvdb.org/62809
secunia.com/advisories/38840
secunia.com/advisories/38956
secunia.com/advisories/39265
www.debian.org/security/2010/dsa-2021
www.securityfocus.com/bid/38578
www.securitytracker.com/id?1023691
www.vupen.com/english/advisories/2010/0559
www.vupen.com/english/advisories/2010/0683
www.vupen.com/english/advisories/2010/0837
bugzilla.redhat.com/show_bug.cgi?id=572117
exchange.xforce.ibmcloud.com/vulnerabilities/56732
lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.html
lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.html
lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.html
savannah.nongnu.org/bugs/?29136
www.exploit-db.com/exploits/11662