SpamAssassin spamc BSMTP Buffer Overflow

Julian Field mailscanner at ecs.soton.ac.uk
Mon Feb 3 19:58:20 GMT 2003


See my previous answer.

At 19:46 03/02/2003, you wrote:
>Julian
>
>     Does the configuration for MailScanner and SpamAssassin use spamc?
>
>
>
>Thanks
>Darrin
>
>On Mon, 2003-02-03 at 13:58, Julian Field wrote:
> > Thanks for the posting, but MailScanner does not use spamc at all.
> >
> > At 18:53 03/02/2003, you wrote:
> > >Not sure if this effects this list.
> > >
> > >The affected software is said to be in the Beta development stage,
> > >and the vulnerability is present only in a specific non-default
> > >configuration. However, the program is popular with Unix administrators
> > >providing web-based access to mailing list archives.
> > >
> > >Ease of Exploitation: Straightforward.
> > >An attacker sending a malicious email with an over-long attachment name
> > >can overflow a buffer on the stack and control Hypermail's execution.
> > >An example email that will trigger the overflow has been posted.
> > >
> > >
> > >Darrin
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list