Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:8916
HistoryJun 21, 2005 - 12:00 a.m.

[Full-disclosure] [ GLSA 200506-17 ] SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability

2005-06-2100:00:00
vulners.com
10

0.214 Low

EPSS

Percentile

96.5%

JSON

Gentoo Linux Security Advisory GLSA 200506-17

                                        http://security.gentoo.org/

Severity: Normal
Title: SpamAssassin 3, Vipul's Razor: Denial of Service
vulnerability
Date: June 21, 2005
Bugs: #94722, #95492
ID: 200506-17

Synopsis

SpamAssassin and Vipul's Razor are vulnerable to a Denial of Service
attack when handling certain malformed messages.

Background

SpamAssassin is an extensible email filter which is used to identify
junk email. Vipul's Razor is a client for a distributed, collaborative
spam detection and filtering network.

Affected packages

-------------------------------------------------------------------
 Package                   /  Vulnerable  /             Unaffected
-------------------------------------------------------------------

1 mail-filter/spamassassin < 3.0.4 >= 3.0.4
< 3.0.1
2 mail-filter/razor < 2.71 >= 2.71
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description

SpamAssassin and Vipul's Razor contain a Denial of Service
vulnerability when handling special misformatted long message headers.

Impact

By sending a specially crafted message an attacker could cause a Denial
of Service attack against the SpamAssassin/Vipul's Razor server.

Workaround

There is no known workaround at this time.

Resolution

All SpamAssassin users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=mail-filter/spamassassin-3.0.4&quot;

All Vipul's Razor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=mail-filter/razor-2.71&quot;

References

[ 1 ] CAN-2005-1266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266
[ 2 ] SpamAssassin Announcement

http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/&#37;[email protected]&#37;3e
[ 3 ] Vipul's Razor Announcement
http://sourceforge.net/mailarchive/forum.php?thread_id=7520323&forum_id=4259

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200506-17.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Related

suse 1
openvas 6
debian 4
cve 1
redhat 1
nessus 8
ubuntucve 1
nvd 1
debiancve 1
cvelist 1
freebsd 1
checkpoint_advisories 1
centos 1
gentoo 1
suse
suse
remote denial of service in spamassassin
2005-06-22 15:07:21
openvas
openvas
FreeBSD Ports: p5-Mail-SpamAssassin
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200506-17 (SpamAssassin, Vipul's Razor)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-736-2)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 736-1] New spamassassin packages fix potential DOS
2005-07-01 02:12:06
[SECURITY] [DSA 736-2] New spamassassin packages fix potential DOS
2005-07-08 01:14:40
[SECURITY] [DSA 736-1] New spamassassin packages fix potential DOS
2005-07-01 02:12:06
cve
cve
CVE-2005-1266
2005-06-22 04:00:00
redhat
redhat
(RHSA-2005:498) spamassassin security update
2005-06-23 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : spamassassin (MDKSA-2005:106)
2005-06-28 00:00:00
Debian DSA-736-1 : spamassassin - remote denial of service
2005-07-01 00:00:00
SUSE-SA:2005:033: spamassassin
2005-07-20 00:00:00
ubuntucve
ubuntucve
CVE-2005-1266
2005-06-15 00:00:00
nvd
nvd
CVE-2005-1266
2005-06-15 04:00:00
debiancve
debiancve
CVE-2005-1266
2005-06-22 04:00:00
cvelist
cvelist
CVE-2005-1266
2005-06-22 04:00:00
freebsd
freebsd
p5-Mail-SpamAssassin -- denial of service vulnerability
2005-06-15 00:00:00
checkpoint_advisories
checkpoint_advisories
SpamAssassin Malformed Email Header Denial Of Service (CVE-2005-1266)
2009-11-11 00:00:00
centos
centos
spamassassin security update
2005-06-23 20:26:18
gentoo
gentoo
SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability
2005-06-21 00:00:00

0.214 Low

EPSS

Percentile

96.5%

JSON
Related for SECURITYVULNS:DOC:8916
suse1openvas6debian4cve1redhat1nessus8ubuntucve1nvd1debiancve1cvelist1freebsd1checkpoint_advisories1centos1gentoo1