Lucene search

FreeBSDE3404A6E-4364-11EA-B643-206A8A720317

HistoryJan 30, 2020 - 12:00 a.m.

spamassassin -- Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings

2020-01-3000:00:00

vuxml.freebsd.org

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

the Apache Spamassassin project reports:

nefarious rule configuration (.cf) files can be configured to
run system commands similar to CVE-2018-11805. This issue
is less stealthy and attempts to exploit the issue will throw
warnings.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchspamassassin< 3.4.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	spamassassin	< 3.4.4	UNKNOWN

References

cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1931

svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Related for E3404A6E-4364-11EA-B643-206A8A720317