SpamAssassin spamc BSMTP Buffer Overflow

Darrin Powell dpowell at LSSI.NET
Mon Feb 3 18:53:09 GMT 2003

Not sure if this effects this list.

The affected software is said to be in the Beta development stage,
and the vulnerability is present only in a specific non-default
configuration. However, the program is popular with Unix administrators
providing web-based access to mailing list archives.

Ease of Exploitation: Straightforward.
An attacker sending a malicious email with an over-long attachment name
can overflow a buffer on the stack and control Hypermail's execution.
An example email that will trigger the overflow has been posted.


More information about the MailScanner mailing list