SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection
Critical Nessus Plugin ID 45019
Synopsis
Arbitrary commands can be executed on the remote SMTP server.
Description
The remote mail server is affected by a command execution vulnerability.
Specifically, the 'spamass-milter' plugin does not properly sanitize user-supplied input and can be tricked into executing arbitrary commands on the remote server (by default with root privileges).
Solution
Unknown at this time.