SpamAssassin spamc BSMTP Buffer Overflow

Darrin Powell dpowell at LSSI.NET
Mon Feb 3 19:46:51 GMT 2003


    Does the configuration for MailScanner and SpamAssassin use spamc?


On Mon, 2003-02-03 at 13:58, Julian Field wrote:
> Thanks for the posting, but MailScanner does not use spamc at all.
> At 18:53 03/02/2003, you wrote:
> >Not sure if this effects this list.
> >
> >The affected software is said to be in the Beta development stage,
> >and the vulnerability is present only in a specific non-default
> >configuration. However, the program is popular with Unix administrators
> >providing web-based access to mailing list archives.
> >
> >Ease of Exploitation: Straightforward.
> >An attacker sending a malicious email with an over-long attachment name
> >can overflow a buffer on the stack and control Hypermail's execution.
> >An example email that will trigger the overflow has been posted.
> >
> >
> >Darrin
> --
> Julian Field
> MailScanner thanks transtec Computers for their support

More information about the MailScanner mailing list