FreeBSD : p5-Mail-SpamAssassin -- denial of service vulnerability (cc4ce06b-e01c-11d9-a8bd-000cf18bbe54)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Apache SpamAssassin Security Team reports :

Apache SpamAssassin 3.0.4 was recently released, and fixes a denial of
service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The
vulnerability allows certain misformatted long message headers to
cause spam checking to take a very long time.

While the exploit has yet to be seen in the wild, we are concerned
that there may be attempts to abuse the vulnerability in the future.
Therefore, we strongly recommend all users of these versions upgrade
to Apache SpamAssassin 3.0.4 as soon as possible.

See also :

http://www.nessus.org/u?19eed3bf
http://www.nessus.org/u?a3ddb160

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19123 (freebsd_pkg_cc4ce06be01c11d9a8bd000cf18bbe54.nasl)

Bugtraq ID:

CVE ID: CVE-2005-1266
