exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2020-1946

Status Candidate

Overview

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.

Related Files

Red Hat Security Advisory 2021-4315-03
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4315-03 - The SpamAssassin tool provides a way to reduce unsolicited commercial email from incoming email.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-1946
SHA-256 | ae43da40d149019d67debcfeadeaaf00a8ab9a2222ed96d5fb1c74d66edd7e7b
Gentoo Linux Security Advisory 202105-26
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-26 - A vulnerability in SpamAssassin might allow remote attackers to execute arbitrary commands. Versions less than 3.4.5 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2020-1946
SHA-256 | 1c732dd9fa6d5ee1a9cfee4e29e13440231560ebb2d6085dcc4ad26a5250bf4e
Ubuntu Security Notice USN-4899-2
Posted Apr 12, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4899-2 - USN-4899-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 14.04 ESM. Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-1946
SHA-256 | e9b992829524fe48be94507171d6a8be14b8bd6ec5c973be136bfb56cfd6fd56
Ubuntu Security Notice USN-4899-1
Posted Apr 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4899-1 - Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2020-1946
SHA-256 | 7e82d922210b3b643c58222e005715d40bd63acdbbeef0bec232db24d5409484
Debian Security Advisory 4879-1
Posted Mar 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4879-1 - Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.

tags | advisory, arbitrary, perl
systems | linux, debian
advisories | CVE-2020-1946
SHA-256 | 5b6d2c5cbe5c49ee34932f51f38015dcbcd6c4604d649325a1c09366a2d270da
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close