
SpamAssassin < 3.2.1 spamd Symlink Local DoS

Low

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running SpamAssassin, an anti-spam application that detects and blocks spam email. This version of SpamAssassin has a flaw in which a local attacker can create a symbolic link that causes the application to process a malformed file. Successful exploitation crashes the application, denying service to legitimate users.

Solution

Upgrade to version 3.2.1 or higher.