Vulnerability Description
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Georg Greve | Spamassassin Milter Plugin | 0.3.1 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html (Exploit)
- http://bugs.debian.org/573228
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.html
- http://osvdb.org/62809
- http://secunia.com/advisories/38840 (Vendor Advisory)
- http://secunia.com/advisories/38956 (Vendor Advisory)
- http://secunia.com/advisories/39265 (Vendor Advisory)
- http://www.debian.org/security/2010/dsa-2021
- http://www.exploit-db.com/exploits/11662 (Exploit)
- http://www.securityfocus.com/bid/38578 (Exploit)
- http://www.securitytracker.com/id?1023691
- http://www.vupen.com/english/advisories/2010/0559 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/0683 (Vendor Advisory)
FAQ
What is CVE-2010-1132?
CVE-2010-1132 is a vulnerability with a CVSS score of 9.3 (HIGH). The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters...
How severe is CVE-2010-1132?
CVE-2010-1132 has been rated HIGH with a CVSS base score of 9.3/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2010-1132?
Check the references section above for vendor advisories and patch information. Affected products include: Georg Greve Spamassassin Milter Plugin.