Security vulnerability in SpamAssassin filter module

The SpamAssassin Milter plug-in which plugs in to Milter and calls SpamAssassin, contains a security vulnerability which can be exploited by attackers using a crafted email to inject and execute code on a mail server. The SpamAssassin Milter plug-in is frequently used to run SpamAssassin on Postfix servers.

In order to exploit the vulnerability, the plug-in must be called with the -x expand flag. For attackers to obtain root privileges, as the author of the security advisory proclaims, the plug-in has to be started as root – something which is anyway highly inadvisable. The attack occurs via a specially crafted recipient (RCPT TO) and is therefore unable to succeed if the plug-in only receives emails addressed to defined addresses.

Read more at H-online

Comments are closed.