DOS attack vulnerability in SpamAssassin
Stephen Swaney
steve.swaney at fsl.com
Fri Nov 11 02:18:50 GMT 2005
I just caught this notice:
SpamAssassin Long Message Header Denial of Service. Secunia - UK
Description:
A vulnerability has been reported in SpamAssassin, which can be exploited by
malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to the use of an inefficient regular
expression in "/SpamAssassin/Message.pm" to parse email headers. This can
cause perl to crash when it runs out of stack space and can be exploited via
a malicious email that contains a large number of recipients.
The vulnerability has been reported in version 3.0.4. Prior versions may
also be affected.
Solution:
Update to version 3.1.0.
http://spamassassin.apache.org/downloads.cgi?update=200509141634
From:
http://secunia.com/advisories/17386/
It looks like if you've updated to SpamAssassin 3.1 you should be OK. If not :(
Steve
Stephen Swaney
Fort Systems Ltd.
Phone: 202 338-1670
Cell: 202 352-3262
stephen.swaney at fsl.com
www.fsl.com
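
Added example, not part of the original post or the Secunia advisory: a Python pre-filter that unfolds headers in one linear pass and holds messages whose header size or recipient count exceeds a cap, for sites that cannot yet move a scanner to SpamAssassin 3.1.0. The function names and both limits are assumptions chosen for illustration.

```python
# Added example. The limits are assumed values, not SpamAssassin or MailScanner settings.
MAX_HEADER_BYTES = 32 * 1024   # assumed cap for one unfolded header
MAX_RECIPIENTS = 500           # assumed cap across To/Cc/Bcc
RECIPIENT_FIELDS = {"to", "cc", "bcc"}

def unfold_headers(raw: bytes):
    """Return (name, value) pairs from the header block in one linear pass.

    Folded continuation lines are joined in a loop rather than matched by a
    nested regex quantifier, so cost is O(n) with constant stack depth.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].split(b"\n\n", 1)[0]
    headers = []
    for line in head.splitlines():
        if line[:1] in (b" ", b"\t") and headers:
            headers[-1][1].append(line.strip())      # continuation line
        elif b":" in line:
            name, _, value = line.partition(b":")
            name = name.strip().lower().decode("ascii", "replace")
            headers.append((name, [value.strip()]))
    return [(name, b" ".join(parts)) for name, parts in headers]

def check_message(raw: bytes):
    """Return reasons to hold the message before it reaches the scanner."""
    reasons, recipients = [], 0
    for name, value in unfold_headers(raw):
        if len(value) > MAX_HEADER_BYTES:
            reasons.append(f"{name}: header is {len(value)} bytes")
        if name in RECIPIENT_FIELDS:
            # Comma count over-estimates when display names contain commas;
            # that is acceptable for an upper-bound check.
            recipients += sum(1 for part in value.split(b",") if part.strip())
    if recipients > MAX_RECIPIENTS:
        reasons.append(f"{recipients} recipients")
    return reasons

def constructed_message(n: int) -> bytes:
    """Build a test message with n folded recipients (constructed sample)."""
    to = b",\r\n ".join(b"user%d@example.com" % i for i in range(n))
    return b"From: a@example.com\r\nTo: " + to + b"\r\nSubject: hi\r\n\r\nbody\r\n"

if __name__ == "__main__":
    print(check_message(constructed_message(2)))       # small message
    print(check_message(constructed_message(20000)))   # oversized recipient list
```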