SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
Gravità: : Critico
Identificatori CVE: CVE-2010-1132
Data notifica: 21 luglio 2015
Descrizione
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1004037
Software e versione interessati:
- georg_greve spamassassin_milter_plugin 0.3.1