Vulnerability Bulletins |
Denial of service in SpamAssassin |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Denial of Service |
Difficulty | Advanced |
Attacker requirements | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software |
SpamAssassin 2.5x SpamAssassin 2.6x < 2.64 |
Description |
|
A vulnerability exists in versions 2.5x and 2.6x of SpamAssassin. If an attacker sends an intentionally malformed message to the server, a Denial of Service condition can occur that would result in the application hanging. |
|
Solution |
|
Software update

Mandrake Linux

Mandrakelinux 9.1
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/spamassassin-2.44-1.1.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm

Mandrakelinux 9.1/PPC
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/spamassassin-2.44-1.1.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.ppc.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/ppc/9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm

Mandrakelinux 9.2
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/spamassassin-2.55-2.1.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/spamassassin-2.55-2.1.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm

Mandrakelinux 10.0
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/spamassassin-2.63-2.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/spamassassin-2.63-2.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm

Corporate Server 2.1/X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/spamassassin-2.53-1.1.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/spamassassin-tools-2.53-1.1.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/perl-Mail-SpamAssassin-2.53-1.1.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/spamassassin-2.53-1.1.C21mdk.src.rpm

Red Hat Linux

Red Hat Desktop (v. 3)
AMD64: spamassassin-2.55-3.2.x86_64.rpm
SRPMS: spamassassin-2.55-3.2.src.rpm
i386: spamassassin-2.55-3.2.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux AS (v. 3)
AMD64: spamassassin-2.55-3.2.x86_64.rpm
SRPMS: spamassassin-2.55-3.2.src.rpm
i386: spamassassin-2.55-3.2.i386.rpm
ia64: spamassassin-2.55-3.2.ia64.rpm
ppc: spamassassin-2.55-3.2.ppc.rpm
s390: spamassassin-2.55-3.2.s390.rpm
s390x: spamassassin-2.55-3.2.s390x.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux ES (v. 3)
AMD64: spamassassin-2.55-3.2.x86_64.rpm
SRPMS: spamassassin-2.55-3.2.src.rpm
i386: spamassassin-2.55-3.2.i386.rpm
ia64: spamassassin-2.55-3.2.ia64.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux WS (v. 3)
AMD64: spamassassin-2.55-3.2.x86_64.rpm
SRPMS: spamassassin-2.55-3.2.src.rpm
i386: spamassassin-2.55-3.2.i386.rpm
ia64: spamassassin-2.55-3.2.ia64.rpm
https://rhn.redhat.com/ |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2004-0796 |
BID | |
Additional resources |
|
Mandrakesoft Security Advisory MDKSA-2004:084 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:084
Red Hat Security Advisory RHSA-2004:451-05 https://rhn.redhat.com/errata/RHSA-2004-451.html |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2004-08-20 |
1.1 | CAN added. Advisory issued by Red Hat (RHSA-2004:451-05). | 2004-10-01 |