PT-2003-2502 · Apache · Spamassassin

Published

2003-12-31

Updated

2018-10-19

CVE-2003-1557

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SpamAssassin versions 2.40 through 2.43

Description The issue is related to an off-by-one buffer overflow in the spamc component of SpamAssassin. This occurs when the software is used in BSMTP mode, denoted by the "-B" option. The overflow can be triggered by remote attackers sending emails that contain headers with leading "." characters, potentially allowing the execution of arbitrary code.

Recommendations For SpamAssassin versions 2.40 through 2.43, consider disabling the BSMTP mode until a patch is available. Restrict access to the spamc component to minimize the risk of exploitation. Avoid using the "-B" option in the affected versions to prevent potential attacks.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2003-1557

Affected Products

Spamassassin

PT-2003-2502 · Apache · Spamassassin

CVE-2003-1557

Weakness Enumeration

Related Identifiers

Affected Products

References · 10