Boletines de Vulnerabilidades |
Denegación de servicio en SpamAssassin |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Denegación de Servicio |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricant afectat | GNU/Linux |
| Software afectado | SpamAssassin |
Descripción |
|
|
Se ha descubierto una vulnerabilidad en la herramienta antispam SpamAssassin. La vulnerabilidad reside en el manejo de la cabecera Content-Type en mensajes de correo electrónico MIME. La explotación de esta vulnerabilidad podría permitir a un atacante remoto provocar una situación de denegación de servicio del sistema por consumo de CPU mediante el envío de un mensaje de correo especialmente diseñado. |
|
Solución |
|
|
Actualización de software SUSE Linux SUSE Linux 9.3 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/perl-spamassassin-3.0.4-1.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/spamassassin-3.0.4-1.1.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/perl-spamassassin-3.0.4-1.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/spamassassin-3.0.4-1.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/spamassassin-3.0.4-1.1.src.rpm SUSE Linux 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/perl-spamassassin-3.0.4-1.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/spamassassin-3.0.4-1.1.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/perl-spamassassin-3.0.4-1.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/spamassassin-3.0.4-1.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/spamassassin-3.0.4-1.1.src.rpm Red Hat Linux Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Mandriva Linux Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/spamassassin-3.0.4-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/spamassassin-spamc-3.0.4-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/spamassassin-spamd-3.0.4-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/spamassassin-tools-3.0.4-0.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/spamassassin-3.0.4-0.1.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/spamassassin-3.0.4-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/spamassassin-spamc-3.0.4-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/spamassassin-spamd-3.0.4-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/spamassassin-tools-3.0.4-0.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/spamassassin-3.0.4-0.1.101mdk.src.rpm Mandrivalinux LE2005 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/spamassassin-3.0.4-0.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/spamassassin-spamc-3.0.4-0.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/spamassassin-spamd-3.0.4-0.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/spamassassin-tools-3.0.4-0.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/spamassassin-3.0.4-0.1.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/spamassassin-3.0.4-0.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/spamassassin-spamc-3.0.4-0.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/spamassassin-spamd-3.0.4-0.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/spamassassin-tools-3.0.4-0.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/spamassassin-3.0.4-0.1.102mdk.src.rpm Debian Linux Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2.diff.gz http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3.orig.tar.gz http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2.dsc Architecture independent http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2_all.deb alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_alpha.deb i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_i386.deb ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_ia64.deb m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_m68k.deb mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_mips.deb mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_mipsel.deb powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_powerpc.deb s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_s390.deb sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_sparc.deb arm architecture (ARM) http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_arm.deb hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_hppa.deb Debian Debian Linux 3.1 AMD64 http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_amd64.deb |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CAN-2005-1266 |
| BID | |
Recursos adicionales |
|
|
SUSE Security Announcement SUSE-SA:2005:033 http://www.novell.com/linux/security/advisories/2005_33_spamassassin.html Red Hat Security Advisory RHSA-2005:498-10 https://rhn.redhat.com/errata/RHSA-2005-498.html Mandriva Security Advisories MDKSA-2005:106 http://www.mandriva.com/security/advisories?name=MDKSA-2005:106 Debian Security Advisory DSA 736-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00119.html Debian Security Advisory DSA 736-2 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00128.html Debian Security Advisory DSA 773-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00160.html |
|
Histórico de versiones |
||
| Versión | Comentario | Data |
| 1.0 | Aviso emitido | 2005-06-23 |
| 1.1 | Aviso emitido por Red Hat (RHSA-2005:498-10) | 2005-06-27 |
| 1.2 | Aviso emitido por Mandriva (MDKSA-2005:106) | 2005-06-29 |
| 1.3 | Aviso emitido por Debian (DSA 736-1) | 2005-07-01 |
| 1.4 | Aviso actualizado por Debian (DSA 736-2) | 2005-07-08 |
| 1.5 | Aviso emitido por Debian (DSA 773-1) | 2005-08-25 |