SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection

Critical Nessus Plugin ID 45019

Synopsis

Arbitrary commands can be executed on the remote SMTP server.

Description

The remote mail server is affected by a command execution vulnerability.

Specifically, the 'spamass-milter' plugin does not properly sanitize user-supplied input and can be tricked into executing arbitrary commands on the remote server (by default with root privileges).

Solution

Unknown at this time.

See Also

https://seclists.org/fulldisclosure/2010/Mar/140

Plugin Details

Severity: Critical

ID: 45019

File Name: spamass_milter.nasl

Version: 1.14

Type: remote

Published: 2010/03/09

Updated: 2019/03/06

Dependencies: 10263

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:georg_greve:spamassassin_milter_plugin

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2010/03/08

Reference Information

CVE: CVE-2010-1132

BID: 38578

Secunia: 38840