SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
Severity: : Critical
CVE Kennungen: : CVE-2010-1132
Advisory Date: 21 de июля de 2015
DESCRIPTION
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1004037
AFFECTED SOFTWARE AND VERSION:
- georg_greve spamassassin_milter_plugin 0.3.1