Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: announce

Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3

 

 

SpamAssassin announce RSS feed   Index | Next | Previous | View Threaded


quinlan at pathname

Jun 15, 2005, 1:00 PM

Post #1 of 1 (5353 views)
Permalink
Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3

Apache SpamAssassin 3.0.4 was recently released [0], and fixes a denial
of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The
vulnerability allows certain misformatted long message headers to cause
spam checking to take a very long time.

While the exploit has yet to be seen in the wild, we are concerned that
there may be attempts to abuse the vulnerability in the future.
Therefore, we strongly recommend all users of these versions upgrade to
Apache SpamAssassin 3.0.4 as soon as possible.

This issue has been assigned CVE id CAN-2005-1266 [1].

To contact the Apache SpamAssassin security team, please e-mail
security at spamassassin.apache.org. For more information about Apache
SpamAssassin, visit the http://spamassassin.apache.org/ web site.

Apache SpamAssassin Security Team

[0]: http://mail-archives.apache.org/mod_mbox/spamassassin-dev/200506.mbox/%3c20050606223631.GG11538 [at] kluge%3e

[1]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266

---------------------------------------------------------------------
To unsubscribe, e-mail: announce-unsubscribe [at] spamassassin
For additional commands, e-mail: announce-help [at] spamassassin

SpamAssassin announce RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.