Oracle Linux 4 : spamassassin (ELSA-2007-0074)

Medium Nessus Plugin ID 67450


The remote Oracle Linux host is missing a security update.


From Red Hat Security Advisory 2007:0074 :

Updated spamassassin packages that fix a security issue are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

SpamAssassin provides a way to reduce unsolicited commercial email (spam) from incoming email.

A flaw was found in the way SpamAssassin processes HTML email containing URIs. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a number of these messages are sent, this could lead to a denial of service, potentially delaying or preventing the delivery of email. (CVE-2007-0451)

Users of SpamAssassin should upgrade to these updated packages which contain version 3.1.8 which is not vulnerable to these issues.

This is an upgrade from SpamAssassin version 3.0.6 to 3.1.8, which contains many bug fixes and spam detection enhancements. Further details are available in the SpamAssassin 3.1 changelog and upgrade guide.


Update the affected spamassassin package.

See Also

Plugin Details

Severity: Medium

ID: 67450

File Name: oraclelinux_ELSA-2007-0074.nasl

Version: $Revision: 1.4 $

Type: local

Agent: unix

Published: 2013/07/12

Modified: 2015/12/01

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:spamassassin, cpe:/o:oracle:linux:4

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/02/22

Vulnerability Publication Date: 2007/02/13

Reference Information

CVE: CVE-2007-0451

BID: 22584

OSVDB: 33207

RHSA: 2007:0074

CWE: 399