SpamAssassin: Denial of Service vulnerability

Security Team  Contact Address

Updated August 09, 2004

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200408-06 / SpamAssassin
Release Date August 09, 2004
Latest Revision May 22, 2006: 02
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
mail-filter/spamassassin <= 2.63-r1 >= 2.64 All supported architectures

Related bugreports: #59483

Synopsis

SpamAssassin is vulnerable to a Denial of Service attack when handling certain malformed messages.

2.  Impact Information

Background

SpamAssassin is an extensible email filter which is used to identify spam.

Description

SpamAssassin contains an unspecified Denial of Service vulnerability.

Impact

By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service.

3.  Resolution Information

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of SpamAssassin.

Resolution

All SpamAssassin users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge sync

# emerge -pv ">=mail-filter/spamassassin-2.64"
# emerge ">=mail-filter/spamassassin-2.64"

4.  References