CRM114 version specifics?

Matt Kettler mkettler at evi-inc.com
Tue Jul 31 16:00:52 IST 2007


Steve Campbell wrote:
> Thanks all for the info.
> 
> Now, what about version specifics. Will CRM114 run with older versions
> of SA? Is it pretty generic or real specific? It's been around for a
> long time, as I read it, but wasn't used specifically with SA, so I
> wonder if it will run with my 3.0.1 SA.

You should be worried about upgrading before adding CRM114.

Unless your 3.0.1 is vendor-patched, you've got numerous security
vulnerabilities, mostly DoS attacks that exploit cases where the message parsing
can be made to burn lots of CPU by feeding it malformed messages.

http://wiki.apache.org/spamassassin/Security


Known to affect 3.0.1:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2447
(note: 2006-2447 requires spamd, so irrelevant to MailScanner)

Might affect you (never verified against such an old version):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351


