1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200506-17 / SpamAssassin, Vipul's Razor |
| Release Date | June 21, 2005 |
| Latest Revision | May 22, 2006: 03 |
| Impact | normal |
| Exploitable | remote |

| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| --- | --- | --- | --- |
| mail-filter/spamassassin | < 3.0.4 | >= 3.0.4, < 3.0.1 | All supported architectures |
| mail-filter/razor | < 2.74 | >= 2.74 | All supported architectures |
Related bug reports: #94722, #95492, #96776
SpamAssassin and Vipul's Razor are vulnerable to a Denial of Service attack when handling certain malformed messages.
SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network.
SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling specially malformed long message headers.
By sending a specially crafted message, an attacker could cause a Denial of Service against the SpamAssassin/Vipul's Razor server.
There is no known workaround at this time.
All SpamAssassin users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.0.4"
All Vipul's Razor users should upgrade to the latest version:
Code Listing 3.2: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/razor-2.74"
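
To decide which hosts need the upgrades above, the following added example (not part of the original advisory) classifies an installed version against the ranges in the package table. The function names `ver_lt` and `glsa_status` are hypothetical; the script assumes GNU `sort -V` and plain dotted numeric versions with an optional Gentoo `-rN` revision.

```shell
#!/bin/sh
# Added example: classify a package version against the GLSA 200506-17 table.
# Assumptions: GNU sort (-V), versions like 3.0.3 or 3.0.3-r1 (no _rc/_p suffixes).

# ver_lt A B: succeed when version A sorts strictly before version B.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_status PACKAGE VERSION: print "affected" or "unaffected".
# Returns 2 for a package this advisory does not cover.
glsa_status() {
    pkg=$1
    ver=${2%-r[0-9]*}   # the Gentoo revision does not move a version across a boundary
    case $pkg in
        mail-filter/spamassassin)
            # Table: unaffected is ">= 3.0.4" or "< 3.0.1",
            # so the affected range is 3.0.1 <= version < 3.0.4.
            if ver_lt "$ver" 3.0.1 || ! ver_lt "$ver" 3.0.4; then
                echo unaffected
            else
                echo affected
            fi ;;
        mail-filter/razor)
            # Table: vulnerable is "< 2.74".
            if ver_lt "$ver" 2.74; then
                echo affected
            else
                echo unaffected
            fi ;;
        *)
            echo "not covered by this advisory: $pkg" >&2
            return 2 ;;
    esac
}

# Constructed sample inventory (package and version pairs), not real host data.
for entry in "mail-filter/spamassassin 3.0.3-r1" "mail-filter/spamassassin 3.0.4" \
             "mail-filter/razor 2.72" "mail-filter/razor 2.74"; do
    set -- $entry
    printf '%s-%s: %s\n' "$1" "$2" "$(glsa_status "$1" "$2")"
done
```

Feed it the versions reported by your package inventory; any line marked `affected` needs the corresponding `emerge` command from the listings above.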