SpamAssassin spamc BSMTP Buffer Overflow
mailscanner at ecs.soton.ac.uk
Mon Feb 3 18:58:27 GMT 2003
Thanks for the posting, but MailScanner does not use spamc at all.
At 18:53 03/02/2003, you wrote:
>Not sure if this effects this list.
>The affected software is said to be in the Beta development stage,
>and the vulnerability is present only in a specific non-default
>configuration. However, the program is popular with Unix administrators
>providing web-based access to mailing list archives.
>Ease of Exploitation: Straightforward.
>An attacker sending a malicious email with an over-long attachment name
>can overflow a buffer on the stack and control Hypermail's execution.
>An example email that will trigger the overflow has been posted.
MailScanner thanks transtec Computers for their support
More information about the MailScanner