SUSE-SA:2005:033: spamassassin

Medium Nessus Plugin ID 19242


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2005:033 (spamassassin).

The anti spam tool SpamAssassin was prone to a denial-of-service attack. A remote attacker could craft a MIME E-Mail message that would waste a lot of CPU cycles parsing the Content-Type header.

This is tracked by the Mitre CVE ID CVE-2005-1266.

Only SUSE Linux 9.2 and 9.3 are affected, since they include the 3.x version of spamassassin. Older versions are not affected.


Plugin Details

Severity: Medium

ID: 19242

File Name: suse_SA_2005_033.nasl

Version: $Revision: 1.5 $

Agent: unix

Published: 2005/07/20

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list