Vulnerability Bulletins

int(978)

Vulnerability Bulletins

Denegación de servicio en SpamAssassin
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Denegación de Servicio
Dificulty	Avanzado
Required attacker level	Acceso remoto sin cuenta a un servicio estandar
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	SpamAssassin 2.5x SpamAssassin 2.6x < 2.64
Description
Existe una vulnerabilidad en las versiones 2.5x y 2.6x de SpamAssasin. Si un atacante envía un mensaje mal formado intencionadamente al servidor puede producirse una situación de Denegación de Servicio que resultaría en un bloqueo de la aplicación.
Solution
Actualizacion de software Mandrake Linux Mandrakelinux 9.1 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/spamassassin-2.44-1.1.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm Mandrakelinux 9.1/PPC ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/spamassassin-2.44-1.1.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.ppc.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm Mandrakelinux 9.2 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/spamassassin-2.55-2.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm Mandrakelinux 9.2/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/spamassassin-2.55-2.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm Mandrakelinux 10.0 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/spamassassin-2.63-2.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm Mandrakelinux 10.0/AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/spamassassin-2.63-2.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm Corporate Server 2.1/X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/spamassassin-2.53-1.1.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/spamassassin-tools-2.53-1.1.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/perl-Mail-SpamAssassin-2.53-1.1.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/spamassassin-2.53-1.1.C21mdk.src.rpm Red Hat Linux Red Hat Desktop (v. 3) AMD64 spamassassin-2.55-3.2.x86_64.rpm SRPMS spamassassin-2.55-3.2.src.rpm i386 spamassassin-2.55-3.2.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 3) AMD64 spamassassin-2.55-3.2.x86_64.rpm SRPMS spamassassin-2.55-3.2.src.rpm i386 spamassassin-2.55-3.2.i386.rpm ia64 spamassassin-2.55-3.2.ia64.rpm ppc spamassassin-2.55-3.2.ppc.rpm s390 spamassassin-2.55-3.2.s390.rpm s390x spamassassin-2.55-3.2.s390x.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 3) AMD64 spamassassin-2.55-3.2.x86_64.rpm SRPMS spamassassin-2.55-3.2.src.rpm i386 spamassassin-2.55-3.2.i386.rpm ia64 spamassassin-2.55-3.2.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 3) AMD64 spamassassin-2.55-3.2.x86_64.rpm SRPMS spamassassin-2.55-3.2.src.rpm i386 spamassassin-2.55-3.2.i386.rpm ia64 spamassassin-2.55-3.2.ia64.rpm https://rhn.redhat.com/
Standar resources
Property	Value
CVE	CAN-2004-0796
BID
Other resources
Mandrakesoft Security Advisory MDKSA-2004:084 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:084 Red Hat Security Advisory RHSA-2004:451-05 https://rhn.redhat.com/errata/RHSA-2004-451.html

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-08-20
1.1	CAN añadido. Aviso emitido por Red Hat (RHSA-2004:451-05).	2004-10-01

Vulnerability Bulletins

Denegación de servicio en SpamAssassin

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history