CVE-2010-1132

Published: Mar 26, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

ADV-2010-0559

vdb-entry

x_refsource_VUPEN

20100307 Spamassassin Milter Plugin Remote Root

mailing-list

x_refsource_FULLDISC

ADV-2010-0683

vdb-entry

x_refsource_VUPEN

39265

third-party-advisory

x_refsource_SECUNIA

ADV-2010-0837

vdb-entry

x_refsource_VUPEN

38578

vdb-entry

x_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=572117

x_refsource_CONFIRM

DSA-2021

vendor-advisory

x_refsource_DEBIAN

https://savannah.nongnu.org/bugs/?29136

x_refsource_CONFIRM

11662

exploit

x_refsource_EXPLOIT-DB

http://bugs.debian.org/573228

x_refsource_CONFIRM

FEDORA-2010-5096

vendor-advisory

x_refsource_FEDORA

1023691

vdb-entry

x_refsource_SECTRACK

62809

vdb-entry

x_refsource_OSVDB

spamassassin-expand-command-execution(56732)

vdb-entry

x_refsource_XF

38956

third-party-advisory

x_refsource_SECUNIA

38840

third-party-advisory

x_refsource_SECUNIA

FEDORA-2010-5112

vendor-advisory

x_refsource_FEDORA

FEDORA-2010-5176

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2010-1132

Description

Affected Products

References