Medium Nessus Plugin ID 19242
SynopsisThe remote host is missing a vendor-supplied security patch
DescriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:033 (spamassassin).
The anti spam tool SpamAssassin was prone to a denial-of-service attack. A remote attacker could craft a MIME E-Mail message that would waste a lot of CPU cycles parsing the Content-Type header.
This is tracked by the Mitre CVE ID CVE-2005-1266.
Only SUSE Linux 9.2 and 9.3 are affected, since they include the 3.x version of spamassassin. Older versions are not affected.