SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection

Severity: Critical | Nessus Plugin ID 45019

Synopsis

Arbitrary commands can be executed on the remote SMTP server.

Description

The remote mail server is affected by a command execution vulnerability.

Specifically, the 'spamass-milter' plugin does not properly sanitize user-supplied input handled by its 'mlfi_envrcpt()' callback and can be tricked into executing arbitrary commands on the remote server (by default with root privileges).

Solution

Unknown at this time.

See Also

https://seclists.org/fulldisclosure/2010/Mar/140

Plugin Details

Severity: Critical

ID: 45019

File Name: spamass_milter.nasl

Version: 1.14

Type: remote

Published: 3/9/2010

Updated: 3/6/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:georg_greve:spamassassin_milter_plugin

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/8/2010

Reference Information

CVE: CVE-2010-1132

BID: 38578

Secunia: 38840