CRM114 version specifics?
Matt Kettler
mkettler at evi-inc.com
Tue Jul 31 16:00:52 IST 2007
Steve Campbell wrote:
> Thanks all for the info.
>
> Now, what about version specifics. Will CRM114 run with older versions
> of SA? Is it pretty generic or real specific? It's been around for a
> long time, as I read it, but wasn't used specifically with SA, so I
> wonder if it will run with my 3.0.1 SA.
You should be worried about upgrading before adding CRM114.
Unless your 3.0.1 is vendor-patched, you've got numerous security
vulnerabilities, mostly DoS attacks that exploit cases where the message parsing
can be made to burn lots of CPU by feeding it malformed messages.
http://wiki.apache.org/spamassassin/Security
Known to affect 3.0.1:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2447
(note: 2006-2447 requires spamd, so irrelevant to MailScanner)
Might affect you (never verified against such an old version):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351
More information about the MailScanner
mailing list