
CVSS: 1.9 | EPSS: 0% | CPEs: 12 | EXPL: 0

SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.

• http://osvdb.org/37234
• http://spamassassin.apache.org/advisories/cve-2007-2873.txt
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:125
• http://www.redhat.com/support/errata/RHSA-2007-0492.html
• http://www.securityfocus.com/bid/24481
• http://www.securitytracker.com/id?1018242
• http://www.vupen.com/english/advisories/2007/2172
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34864
• https://issues.rpath.com/browse/RPL-1450
• https://oval.cisecurity.org/repository/search/defin

CVSS: 5.0 | EPSS: 4% | CPEs: 9 | EXPL: 0

SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages.

• http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129337
• http://marc.info/?l=spamassassin-announce&m=109168121628767&w=2
• http://security.gentoo.org/glsa/glsa-200408-06.xml
• http://www.mandriva.com/security/advisories?name=MDKSA-2004:084
• http://www.securityfocus.com/bid/10957
• https://bugzilla.fedora.us/show_bug.cgi?id=2268
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16938
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10413
• https://acces

CVSS: 7.6 | EPSS: 6% | CPEs: 4 | EXPL: 0

Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.

• http://marc.info/?l=bugtraq&m=104342896818777&w=2
• http://secunia.com/advisories/7983
• http://www.securityfocus.com/archive/1/309912/30/26090/threaded
• http://www.securityfocus.com/archive/1/310212/30/26030/threaded
• http://www.securityfocus.com/bid/6679
• https://exchange.xforce.ibmcloud.com/vulnerabilities/11154

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer