SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
Schweregrad:: Kritisch
CVE Kennungen:: CVE-2010-1132
Hinweisdatum: 21 Juli 2015
Beschreibung
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1004037
Betroffene Software und Version:
- georg_greve spamassassin_milter_plugin 0.3.1