SpamAssassin spamc BSMTP Buffer Overflow

Darrin Powell dpowell at LSSI.NET
Mon Feb 3 18:53:09 GMT 2003


Not sure if this affects this list.

The affected software is said to be in the Beta development stage,
and the vulnerability is present only in a specific non-default
configuration. However, the program is popular with Unix administrators
providing web-based access to mailing list archives.

Ease of Exploitation: Straightforward.
An attacker sending a malicious email with an over-long attachment name
can overflow a buffer on the stack and control Hypermail's execution.
An example email that will trigger the overflow has been posted.


Darrin


