Vulnerability Name: CVE-2003-1557 (CCN-11154)
Assigned: 2003-01-23
Published: 2003-01-23
Updated: 2018-10-19
Summary: Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2003-1557
Source: BUGTRAQ Type: UNKNOWN 20030123 SpamAssassin / spamc+BSMTP remote buffer overflow
Source: CCN Type: BugTraq Mailing List, 2003-01-23 22:21:32 SpamAssassin / spamc+BSMTP remote buffer overflow
Source: CCN Type: SA7983 Gentoo updates to Mail-SpamAssasin
Source: SECUNIA Type: Vendor Advisory 7983
Source: CCN Type: SpamAssassin Web site SpamAssassin: Welcome to SpamAssassin
Source: CCN Type: Gentoo Linux Security Announcement 200302-01 Mail-SpamAssasin -- arbitrary code execution
Source: CCN Type: OSVDB ID: 44275 SpamAssassin spamc BSMTP Mode Header Handling Remote Overflow
Source: GENTOO Type: UNKNOWN GLSA-200302-01
Source: BUGTRAQ Type: UNKNOWN 20030204 Re: GLSA: Mail-SpamAssasin
Source: BID Type: Patch 6679
Source: CCN Type: BID-6679 SpamAssassin BSMTP Mode Buffer Overflow Vulnerability
Source: XF Type: UNKNOWN spamassassin-spamc-offbyone-bo(11154)
Vulnerable Configuration: Configuration 1: