15 matches found
MiracleLinux 8 : spamassassin-3.4.4-4.el8 (AXSA:2021-2680:03)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2680:03 advisory. spamassassin: Malicious rule configuration files can be configured to run system commands (CVE-2020-1946). Tenable has extracted the preceding description block...
SUSE CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
RHEL 8 : spamassassin (RHSA-2021:4315)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:4315 advisory. The SpamAssassin tool provides a way to reduce unsolicited commercial email spam from incoming email. Security Fixes: spamassassin: Malicious rule...
ALSA-2021:4315 Moderate: spamassassin security update
The SpamAssassin tool provides a way to reduce unsolicited commercial email spam from incoming email. Security Fixes: spamassassin: Malicious rule configuration files can be configured to run system commands (CVE-2020-1946). For more details about the security issues, including the impact, a CVSS...
EulerOS 2.0 SP5 : spamassassin (EulerOS-SA-2021-2230)
According to the version of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerability: In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or...
Apache SpamAssassin Injection Vulnerability
Apache SpamAssassin is an open source spam filter from the Apache USA Foundation. The product provides system administrators with a filter and support for categorizing email to block spam. An injection vulnerability exists in Apache SpamAssassin versions prior to 3.4.5 that allows configuration o...
CVE-2020-1946
A flaw was found in spamassassin. Malicious rule configuration .cf files can be configured to run system commands without any output or errors allowing exploits to be injected in a number of scenarios. The highest threat from this vulnerability is to data confidentiality and integrity as well as...
ALPINE-CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
Apache SpamAssassin Operating System Command Injection Vulnerability
Apache SpamAssassin is an open source spam filter from the Apache USA Foundation. The product provides system administrators with a filter and support for categorizing email to block spam. An injection vulnerability exists in Apache SpamAssassin versions prior to 3.4.5 that allows configuration o...
spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands
The Apache SpamAssassin project reports: Apache SpamAssassin 3.4.5 was recently released [1], and fixes an issue of security note where malicious rule configuration .cf files can be configured to run system commands. In Apache SpamAssassin before 3.4.5, exploits can be injected in a number of...
UBUNTU-CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
Debian DLA-2037-1 : spamassassin security update
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805 Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. CVE-2019-12420 Specially crafted mulitpar...
[SECURITY] [DSA 4584-1] spamassassin security update
Debian Security Advisory DSA-4584-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 14, 2019 https://www.debian.org/security/faq -...