CVE-2010-1132 Information

Description

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
http://bugs.debian.org/573228
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.html
http://osvdb.org/62809
http://secunia.com/advisories/38840
http://secunia.com/advisories/38956
http://secunia.com/advisories/39265
http://www.debian.org/security/2010/dsa-2021
http://www.exploit-db.com/exploits/11662
http://www.securityfocus.com/bid/38578
http://www.securitytracker.com/id?1023691
http://www.vupen.com/english/advisories/2010/0559
http://www.vupen.com/english/advisories/2010/0683
http://www.vupen.com/english/advisories/2010/0837
https://bugzilla.redhat.com/show_bug.cgi?id=572117
https://exchange.xforce.ibmcloud.com/vulnerabilities/56732
https://savannah.nongnu.org/bugs/?29136
