CERTA-2005-AVI-225
Vulnerability from certfr_avis - Published: 2005-06-17 - Updated: 2005-07-11
Une vulnérabilité dans SpamAssassin permet à un utilisateur distant mal intentionné de provoquer un déni de service.
Description
SpamAssassin est un filtre de courrier électronique permettant l'élimination de pourriels (Spam). Une vulnérabilité dans la lecture des en-têtes de méls permet à un utilisateur distant mal intentionné de provoquer un déni de service par le biais d'un courrier électronique malicieusement constitué.
Solution
La version 3.0.4 corrige le problème. Elle est téléchargeable à l'adresse :
http://spamassassin.apache.org/downloads.cgi?update=200506061100
.
SpamAssassin versions 3.0.3 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eSpamAssassin versions 3.0.3 et ant\u00e9rieures.\u003c/p\u003e",
"content": "## Description\n\nSpamAssassin est un filtre de courrier \u00e9lectronique permettant\nl\u0027\u00e9limination de pourriels (Spam). Une vuln\u00e9rabilit\u00e9 dans la lecture des\nen-t\u00eates de m\u00e9ls permet \u00e0 un utilisateur distant mal intentionn\u00e9 de\nprovoquer un d\u00e9ni de service par le biais d\u0027un courrier \u00e9lectronique\nmalicieusement constitu\u00e9.\n\n## Solution\n\nLa version 3.0.4 corrige le probl\u00e8me. Elle est t\u00e9l\u00e9chargeable \u00e0\nl\u0027adresse :\n\n http://spamassassin.apache.org/downloads.cgi?update=200506061100\n\n.\n",
"cves": [],
"initial_release_date": "2005-06-17T00:00:00",
"last_revision_date": "2005-07-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-736 du 01 juillet 2005 :",
"url": "http://www.debian.org/security/2005/dsa-736"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 OpenBSD pour p5-Mail-SpamAssassin du 10 juillet 2005 :",
"url": "http://www.vuxml.org/openbsd/pkg-p5-Mail-SpamAssassin.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SA:2005:033 du 22 juin 2005 :",
"url": "http://www.novell.com/linux/security/advisories/2005_33_spamassassin.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo pour SpamAssassin du 21 juin 2005 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-17.xml"
},
{
"title": "Mise \u00e0 jour de s\u00e9curit\u00e9 pour Fedora Core 3 du 17 juin 2005 :",
"url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"
},
{
"title": "Liste des changement entre la version 3.0.3 et 3.0.4 de SpamAssassin :",
"url": "http://wiki.apache.org/spamassassin/changes304"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2005-498 du 23 juin 2005 :",
"url": "https://rhn.redhat.com/errata/RHSA-2005-498.html"
},
{
"title": "Mise \u00e0 jour de s\u00e9curit\u00e9 pour Fedora Core 4 du 17 juin 2005 :",
"url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2005:106 du 28 juin 2005 :",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:106"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 FreeBSD pour p5-Mail-SpamAssassin du 18 juin 2005 :",
"url": "http://www.vuxml.org/freebsd/pkg-p5-Mail-SpamAssassin.html"
}
],
"reference": "CERTA-2005-AVI-225",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-06-17T00:00:00.000000"
},
{
"description": "modification de la r\u00e9f\u00e9rence CVE et ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 FreeBSD.",
"revision_date": "2005-06-20T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.",
"revision_date": "2005-06-21T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 SUSE.",
"revision_date": "2005-06-23T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 RHSA-2005-498 de Red Hat.",
"revision_date": "2005-06-24T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Mandriva.",
"revision_date": "2005-06-29T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Debian.",
"revision_date": "2005-07-01T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 OpenBSD.",
"revision_date": "2005-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans SpamAssassin permet \u00e0 un utilisateur distant mal\nintentionn\u00e9 de provoquer un d\u00e9ni de service.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans SpamAssassin",
"vendor_advisories": [
{
"published_at": null,
"title": "Liste des changements entre la 3.0.3 et 3.0.4 de SpamAssassin",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…